Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Bambora Payform - Session expired after some payments instead of checkout_success

    Hi!

    I use Zen Cart for almost 10 years, never posted questions, because always found a solution reading this forum.
    But now I am stuck

    I have upgraded to 157 about a week ago from 155f via zc_install. Also changed 7.1 PHP to 7.4.9 PHP on server.
    Using plugins Ultimate Seo Url, multilangual EZ-pages, payment module by Finnish payment service Bambora (can be found here: https://github.com/bambora/payform-zencart).
    My site is here https://www.tulihelmi.fi/

    But my problem was presented also before an upgrade with 155f and PHP 7.1.

    Problem:

    Sometimes my customers have problem with payment using Bambora. There were single cases last autumn and January. Then in March and April more cases. Then in June and July few. Now in August it got worst and last days (also before an update) like every second order

    Path goes like this:
    - they push Confirm Order Button
    - go to Bambora's page and pay
    - redirecting back to shop

    Normally must go to checkout_success page and in some cases it happens.
    But in some cases they go to session expired page, so they got logged out.
    In both cases I get paid and order registers into webshop, but customers are confused.

    Also this happens to the same customer, who sometimes previously made an order without any problem. And next order same customer places withot problem. Seems to be random.
    I also checked it and some times I can get back to checkout_success, sometimes get logged out.

    Tried:

    I read forum. Seem to be the problem is that session cookies are lost is some cases.
    Tried to change settings in admin/configurarions/sessions as advised. No difference.

    Now using these settings again, as I always had:

    Session directory /home/beadzsto/public_html/tulihelmi.fi/cache
    Cookie Domain True
    Force Cookie Use False
    Check SSL Session ID False
    Check User Agent False
    Check IP Address True
    Prevent Spider Sessions True
    Recreate Session True
    IP to Host Conversion Status true
    Use root path for cookie path False
    Add period prefix to cookie domain True

    Both configure.php files have correct setting to my mind. Tried to change SQL_CACHE_METHOD to database, no difference.
    PHP Code:
    <?php
    /**
     * dist-configure.php - SAMPLE FILE!
     *
     * @package Configuration Settings
     * @copyright Copyright 2003-2016 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: Author: DrByte  Thu Dec 17 11:49:31 2015 -0500 Modified in v1.5.5 $
     * @private
     */

    /*************** NOTE: This file is VERY similar to, but DIFFERENT from the "admin" version of configure.php. ***********/
    /***************       The 2 files should be kept separate and not used to overwrite each other.              ***********/

    /**
     * Enter the domain for your store
     * HTTP_SERVER is your Main webserver: eg-http://www.yourdomain.com
     * HTTPS_SERVER is your Secure/SSL webserver: eg-https://www.yourdomain.com
     */
    define('HTTP_SERVER''https://www.tulihelmi.fi');
    define('HTTPS_SERVER''https://www.tulihelmi.fi');

    /**
     *  If you want to tell Zen Cart to use your HTTPS URL on sensitive pages like login and checkout, set this to 'true'. Otherwise 'false'. (Keep the quotes)
     */
    define('ENABLE_SSL''true');

    /**
     * These DIR_WS_xxxx values refer to the name of any subdirectory in which your store is located.
     * These values get added to the HTTP_CATALOG_SERVER and HTTPS_CATALOG_SERVER values to form the complete URLs to your storefront.
     * They should always start and end with a slash ... ie: '/' or '/foldername/'
     */
    define('DIR_WS_CATALOG''/');
    define('DIR_WS_HTTPS_CATALOG''/');

    /**
     * This is the complete physical path to your store's files.  eg: /var/www/vhost/accountname/public_html/store/
     * Should have a closing / on it.
     */
    define('DIR_FS_CATALOG''/home/beadzsto/public_html/tulihelmi.fi/');

    /**
     * The following settings define your database connection.
     * These must be the SAME as you're using in your admin copy of configure.php
     */
    define('DB_TYPE''mysql'); // always 'mysql'
    define('DB_PREFIX'''); // prefix for database table names -- preferred to be left empty
    define('DB_CHARSET''utf8'); // 'utf8' or 'latin1' are most common
    define('DB_SERVER''localhost');  // address of your db server
    define('DB_SERVER_USERNAME''secret');
    define('DB_SERVER_PASSWORD''secret');
    define('DB_DATABASE''secret');

    /**
     * This is an advanced setting to determine whether you want to cache SQL queries.
     * Options are 'none' (which is the default) and 'file' and 'database'.
     */
    define('SQL_CACHE_METHOD''database');

    /**
     * Reserved for future use
     */
    define('SESSION_STORAGE''temporary value added by zc_install');

    /**
     * Advanced use only:
     * The following are OPTIONAL, and should NOT be set unless you intend to change their normal use. Most sites will leave these untouched.
     * To use them, uncomment AND add a proper defined value to them.
     */
    // define('DIR_FS_SQL_CACHE' ...
    // define('DIR_FS_DOWNLOAD' ...
    // define('DIR_FS_LOGS' ...

    // End Of File
    I also was trying to surf through the store for some times checking if I get logged out, did not happen. But may be need to be in the shop longer, not sure.

    Did not try any other payment module yet since the problem started, cos we have not very big choice of payment plugins made for Zen Cart in Finland.

    So can it be a Bambora's problem or something wrong with my site? Or the server? A contacted my provider, they say they have nothing wrong.
    Seems to be random sometimes working perfectly, sometimes not on a same user, browser and device.

    Please, advice what else can I do
    I love Zen Cart cos it is customisable... But this issue with payment ruining it all.

  2. #2
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,912
    Plugin Contributions
    89

    Default Re: Session expired after some payments instead of checkout_success

    There's one Sessions setting that's different from the default: Check IP Address True (the default's False).

    Any idea why that change was made?

  3. #3
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    No idea. I do not remember changing it ever. But I tried to put it to False, as it is default. No difference.

  4. #4
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,912
    Plugin Contributions
    89

    Default Re: Session expired after some payments instead of checkout_success

    Does the issue occur on all browsers? I've been seeing a lot of timeouts due to the "Samesite" cookie settings on Chrome, but you've got your site setup as 'None, secure' which should be (?) fine.

  5. #5
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Need to test more on other browsers. Just tried on Safari for more than 10 times, all working.
    SameSite cookies is something new for me. Is it like setting in chrome (just quickly googled it)?
    So if this is the issue, I should update the settings somewhere on my site to SameSite=None; Secure?

    And if it is the issue, can it be random like I have it?

  6. #6
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,912
    Plugin Contributions
    89

    Default Re: Session expired after some payments instead of checkout_success

    Quote Originally Posted by kalm View Post
    Need to test more on other browsers. Just tried on Safari for more than 10 times, all working.
    SameSite cookies is something new for me. Is it like setting in chrome (just quickly googled it)?
    So if this is the issue, I should update the settings somewhere on my site to SameSite=None; Secure?

    And if it is the issue, can it be random like I have it?
    What does your copy of /includes/init_includes/init_sessions.php (around line 43) read? Is it similar to

    Code:
    if (filter_var($cookieDomain, FILTER_VALIDATE_IP)) $domainPrefix = '';
    $secureFlag = ((ENABLE_SSL == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:') || (ENABLE_SSL == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:')) ? TRUE : FALSE;
    
    session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
    
    /**
     * set the session ID if it exists
     */
    if (isset($_POST[zen_session_name()])) {
      zen_session_id($_POST[zen_session_name()]);
    } elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
      zen_session_id($_GET[zen_session_name()]);
    }
    ... or to
    Code:
    if (filter_var($cookieDomain, FILTER_VALIDATE_IP)) $domainPrefix = '';
    $secureFlag = ((ENABLE_SSL == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:') || (ENABLE_SSL == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:')) ? TRUE : FALSE;
    
    $samesite = (defined('COOKIE_SAMESITE')) ? COOKIE_SAMESITE : 'lax';
    if (!in_array($samesite, ['lax', 'strict', 'none'])) $samesite = 'lax';
    
    session_set_cookie_params([
        'lifetime' => 0,
        'path' => $path,
        'domain' => (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''),
        'secure' => $secureFlag,
        'httponly' => true,
        'samesite' => $samesite,
    ]);
    
    /**
     * set the session ID if it exists
     */
    if (isset($_POST[zen_session_name()])) {
      zen_session_id($_POST[zen_session_name()]);
    } elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
      zen_session_id($_GET[zen_session_name()]);
    }
    That second version is destined for zc157a. From a browser-testing standpoint, I've found Chrome to be the most 'finicky' when it comes to those cookies.

  7. #7
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Hi! Thank you for response!

    I have first variant:
    PHP Code:
    session_set_cookie_params(0$path, (zen_not_null($cookieDomain) ? $domainPrefix $cookieDomain ''), $secureFlagTRUE); 

  8. #8
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Now tried the second code, but it got worst. It started to log me out of my account every time after payment.
    Before I could't catch this in Safari, but with second code same problem started on Safari too - logged out after every payment.
    Changed back to first variant - works on Safari again. At least did not log me out after several attempts.

  9. #9
    Join Date
    Oct 2013
    Location
    Canada
    Posts
    29
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Quote Originally Posted by kalm View Post
    Now tried the second code, but it got worst. It started to log me out of my account every time after payment.
    Before I could't catch this in Safari, but with second code same problem started on Safari too - logged out after every payment.
    Changed back to first variant - works on Safari again. At least did not log me out after several attempts.

    Sounds like the same problem I'm having with my epath gateway when it tries to return to the checkout_success page. See https://www.zen-cart.com/showthread....ighlight=epath

    Lat9 referred to a sticky zenid issue which I would like to try and solve if I knew how.

  10. #10
    Join Date
    Oct 2013
    Location
    Canada
    Posts
    29
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Sounds like the same problem I'm having with my epath gateway when it tries to return to the checkout_success page. See https://www.zen-cart.com/showthread....ighlight=epath

    Lat9 referred to a sticky zenid issue which I would like to try and solve if I knew how.

 

 
Page 1 of 3 123 LastLast

Similar Threads

  1. v155 Impossible checkout (Immediate expired session) after server move
    By xavierpages in forum Upgrading to 1.5.x
    Replies: 7
    Last Post: 26 Jul 2016, 01:22 AM
  2. v137 Whoops! Your session has expired. Session Question.
    By weblamer in forum Upgrading to 1.5.x
    Replies: 5
    Last Post: 7 Jun 2015, 07:20 PM
  3. v151 Session Expired problem after installed the stock per atribute plugin
    By alexandregsalves in forum General Questions
    Replies: 0
    Last Post: 30 Jun 2013, 11:23 PM
  4. Whoops! Your session has expired. after paypal continue, since webserver upgraded
    By Justwade in forum PayPal Express Checkout support
    Replies: 15
    Last Post: 12 Jan 2010, 03:03 AM
  5. suddenly 'whoops your session has expired' with Secure Trading payments
    By PhillipHarrison in forum Addon Payment Modules
    Replies: 3
    Last Post: 18 Mar 2009, 01:30 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR