Customer Login fails (loops) after changing host

[Dave224]

carlwhat,
Log back in to your account. When you get taken back to the main page, is login or logout shown in the green bar at the top? Does zc create a new session in going from http page to https page and vice versa?
Dave

[carlwhat]

carlwhat,
Log back in to your account. When you get taken back to the main page, is login or logout shown in the green bar at the top? Does zc create a new session in going from http page to https page and vice versa?
Dave

when i login, your site is at https. it stays at https. i can browse no problem. i can see my account data. no problem. as i initially showed in my screenshot above, it shows logout and my account in the green bar. if i manually change the url to http, i then appear to be logged out. i do not believe one can look at one's account data if ZC is set up for https as the session is different for http v https. if i try to go to my account, it then requires me to login back in. so my initial https session looks destroyed. but in fact it is not. the session is there, but one needs the zenid parameter in the url to reconnect to that existing https session. which is not being passed along in the url.

few things:

• this is NOT standard behavior for any user to manually change URLs.
• i am not sure how ZC handles the zenid in the url. perhaps someone else can chime in. some times it is there, some times it is not...
• 100% convinced this has nothing to do with timeouts.
• i was able to place an order no problem.

i am not sure if this "problem" would be solved by making the site all https. if so, i have found this approach to work fine for me as opposed to doing any redirects in the .htaccess:

https://github.com/zencart/zencart/pull/1525/files

(looks staged for the next version of ZC.)

hope that helps.

[mprough]

What browser are Dave224 and carlwhat using?

~Melanie

[carlwhat]

What browser are Dave224 and carlwhat using?

~Melanie

carlWHAT:

google chrome:

Version 71.0.3578.98 (Official Build) (64-bit)

[mprough]

The reason I ask, I saw similar behavior because of Chrome's datasaver function. I add no-transform to cache-control on all sites because Chrome cannot properly negotiate sessions with data saver on, which is on by default.

Data Saver

On your Android phone or tablet, open the Chrome app .
At the top right, tap More Settings.
Under "Advanced," tap Data Saver.

~Melanie

[carlwhat]

The reason I ask, I saw similar behavior because of Chrome's datasaver function. I add no-transform to cache-control on all sites because Chrome cannot properly negotiate sessions with data saver on, which is on by default.

Data Saver

On your Android phone or tablet, open the Chrome app .
At the top right, tap More Settings.
Under "Advanced," tap Data Saver.

~Melanie

fyi, i was never questioning why you asked.... but nice to know why.

i'm on a desktop. call me old school. data saver is an extension that is NOT added to my desktop version of chrome.

best.

[mprough]

Maybe it is on Dave's? =)

~Melanie

[DrByte]

Yes, v1.5.1 is correct.

session.hash_bits_per_character: 6 (new host), 4 (dev system)

That's your problem. v1.5.4 and older don't support hash_bits_per_character higher than 5.

Work with your host for the best way to drop that to 4 or 5 temporarily until you upgrade to the newer Zen Cart version.

Also note that the hash_bits_per_character is irrelevant after PHP 7.1 (it was renamed in 7.1.0). But that's moot since newer ZC versions work with the newer settings anyway.
Hence using the word "temporarily" above. :)

[Dave224]

Melanie, carlwhat, I'm using Firefox 64.0 on Mac OS 10.13.6.

DrByte, I'll try to get session.hash_bits_per_character changed and report back. Thank you!

[Dave224]

I've changed the value of session.hash_bits_per_character in the php.ini file and extensively tested the store. It works perfectly now. Thank you DrByte and the others who have helped fix this problem. Great support!!!