What code is triggered by "Add to cart"?

[flyvholm]

I get a session timeout when I use the "add to cart" button from particular customized pages, so I'm looking to figure out where and why the redirect to the timeout page occurs. Unfortunately, looking at the html for the "add to cart" button I have no clue what code is being executed when clicking it or how it is triggered. I'm hoping somebody is willing to enlighten me...

[lat9]

If I remember correctly, the "timeout after add-to-cart" behavior implies that you've got a form that uses the POST method for submission and doesn't include the hidden variable for the securityToken (aka session-cookie). If you use the Zen Cart function zen_draw_form(), that function automatically adds the securityToken variable for you!

[flyvholm]

Thank you. That brought me a bit further, but I'm still in trouble. The form is created with zen_draw_form and does have the hidden security token when it fails. Additional observations... it only happens when a new session begins, i.e. when a new securityToken is encountered (a second "add to cart" will succeed), and only if there's already a cookie from a previous visit. But then it does happen consistently. It happens in Chrome and Opera, but not Firefox or Safari. Should you wish to see for yourself, the store (under development) is at astralisproductions.com/purchase/ with username/password astralis/Aurora (it may ask for it twice, not sure why that is happening).

For troubleshooting I'd like to know where the redirect to the timeout page happens. I installed the Notifier Trace plugin, and the result for a failed "add to cart" is:

Code:

2014-09-30 17:58:39 [main_page=product_info] NOTIFIER_CART_INSTANTIATE_START
2014-09-30 17:58:39 [main_page=product_info] NOTIFIER_CART_RESET_START, array (
  'param2' => false,
)
2014-09-30 17:58:39 [main_page=product_info] NOTIFIER_CART_RESET_END
2014-09-30 17:58:39 [main_page=product_info] NOTIFIER_CART_INSTANTIATE_END
2014-09-30 17:58:40 [main_page=time_out] NOTIFY_HEADER_START_LOGIN
(...etc.)

So as far as I can tell, it calls function shoppingCart(), then redirects. I haven't been able to identify where that happens, except, it's before application_top.php is executed (because a check reveals that main_page=time_out when application_top begins).

[flyvholm]

Might add, advice given in another thread on a similar issue was to to change admin settings "Use root path for cookie path" and "Add period prefix to cookie domain". Unfortunately that doesn't appear to make any difference in my case.

[lat9]

Who is your webhost?

[flyvholm]

Justhost. I've also read about users having session problems due to Suhosin, but a phpinfo on the host server reveals Suhosin isn't installled.

[flyvholm]

So in order to troubleshoot I'm still stuck with the original question... what code is executed immediately upon clicking "add to cart", before application_top.php?

[mc12345678]

The action to be performed/location to go based on clicking a button in a form is identified at the start of the form. Once the code has been parsed to display on the screen, the full path can be realized. Generally speaking, either the next action is to load a specific file or to have index.php process the request. I'm not sure what the "test" was to determine that application_top had not been loaded as part of the redirect or not but it is unusual for the zenID/Token to change when the routine conditions for a time-out have not occurred.

Besides adding custom pages which are assumed to play a factor in why there may be a session issue, where did you obtain the files installed to run ZC? How was it installed? I know there is something about the php.ini file that I should ask, but can't think of it at the moment. Settings associated to it can be found in the admin panel version section.

As for the notifier trace that was performed earlier, may want to look at what was notified prior to the cart portion as somewhere previously may be the "controller" that directed to load the timeout after parsing the cart code. Might look for a start that does not have an end or if it does that the end is after the timeout being loaded/parsed...

[lat9]

So in order to troubleshoot I'm still stuck with the original question... what code is executed immediately upon clicking "add to cart", before application_top.php?

Quick answer: nothing.

application_top.php is the first module loaded by /index.php. The module that does get control on an add-to-cart action is /includes/main_cart_handler.php, loaded late in the start-up process; depending on the cart-related request, it will call one of the shopping_cart class functions.

[flyvholm]

I made two huge mistakes. application_top does indeed execute immediately after clicking "add to cart", then it runs a second time after the redirect. I only saw the output from the second instance because I was writing it to a file without appending.
So I tracked the problem as far as: application_top.php -> autoload_func.php -> init_sessions.php -> zen_session_start() -> session_start()
This function assigns the variable $_SESSION['securityToken'] which must match $_POST['securityToken'] to avoid being redirected to the timeout page later. In Chrome and Opera (but not Firefox or Safari) a non-matching security token was assigned, hence the trouble.
I did not troubleshoot further because at this point I realized another mistake. I had not tested a very simple fix that had worked for others: Changing the HTTP_SERVER in the configure.php files to the secure address used for the HTTPS_SERVER. I mistakenly thought that issue was only on servers with Suhosin enabled, but apparently not. Session timout errors be gone...