Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 46
  1. #21
    Join Date
    Mar 2009
    Posts
    609
    Plugin Contributions
    0

    Default Re: payer auth verifier causes session timeout error

    This is happening with express checkout paypal payments as well as card payments.

    Checkout moves along, through the various stages, goes to confirm order and one of 3 things happen.

    1) checkout normal, gets success page, stays logged in.
    2) checkout completes, order created, customer gets timeout and becomes guest, doesn't know order was completed.
    3) checkout fails, timeout page, becomes guest, old session remains in the checkout stage.

    I'm tempted to go back to php 5.6 and use the paypal code from version 1.5.4 as this problem is costing thousands in lost sales

  2. #22
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: payer auth verifier causes session timeout error

    Probably won't make any difference rolling back to older code. Browsers have recently begun enforcing SameSite=Strict restrictions as a default, and if your payments are handled on a page that requires redirecting away from Zen Cart and then back again, your store's session cookies will not be recognized, thus the shopper is logged out.

    It's quite possible that the solution is in simply applying these changes:
    https://github.com/zencart/zencart/pull/3802/files
    and ensuring your HTTP_SERVER setting in configure.php contains an https:// URL.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #23
    Join Date
    Mar 2009
    Posts
    609
    Plugin Contributions
    0

    Default Re: payer auth verifier causes session timeout error

    I've already applied the changes you mentioned and my site is already full https.

    Problem still persists
    Last edited by DigitalShadow; 11 Sep 2020 at 12:49 PM.

  4. #24
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default Re: payer auth verifier causes session timeout error

    Quote Originally Posted by DigitalShadow View Post
    I've already applied the changes you mentioned and my site is already full https.

    Problem still persists
    From what I've read so far, 3d secure is a PayPal UK nightmare.. Dropping back to an older version of PHP below 7 may buy you some time, changing ZC versions wont buy you anything. Basically, PHP and browsers are advancing there code to help prevent Man-in-the-middle attacks.. 3d secure doesn't seem to be advancing, but I'm not a PayPal supporter.
    Dave
    Always forward thinking... Lost my mind!

  5. #25
    Join Date
    Mar 2009
    Posts
    609
    Plugin Contributions
    0

    Default Re: payer auth verifier causes session timeout error

    but why would normal paypal express checkout payments also have the same issue?

  6. #26
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: payer auth verifier causes session timeout error

    Quote Originally Posted by DigitalShadow View Post
    but why would normal paypal express checkout payments also have the same issue?
    When you say same issue, do you mean that the same mydebug log content is provided when only one user is going through checkout and that user is using paypal express (potentially with the other paypal module disabled)?

    Otherwise, and also without searching through all of the code, there is the possibility that in this configuration that even using PayPal Express, a 3d secure "customer" may be directed through this same set of code that is attempting to change the session id after the session has been started without first closing the existing session and starting this new session.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  7. #27
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default Re: payer auth verifier causes session timeout error

    Quote Originally Posted by mc12345678 View Post
    Otherwise, and also without searching through all of the code, there is the possibility that in this configuration that even using PayPal Express, a 3d secure "customer" may be directed through this same set of code that is attempting to change the session id after the session has been started without first closing the existing session and starting this new session.
    Yes, it's due to the card membership supporting 3d secure, non-membership cards would process without any problems! Check your PayPal settings, they hinted at the possibility of turning off 3d secure..
    Dave
    Always forward thinking... Lost my mind!

  8. #28
    Join Date
    Mar 2009
    Posts
    609
    Plugin Contributions
    0

    Default Re: payer auth verifier causes session timeout error

    If 3D secure is the fraud management filters, I think it has been off throughout all of this, can you confirm where the setting is located so I can double check.

  9. #29
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default Re: payer auth verifier causes session timeout error

    Quote Originally Posted by DigitalShadow View Post
    If 3D secure is the fraud management filters, I think it has been off throughout all of this, can you confirm where the setting is located so I can double check.
    I'm not in the UK and I deleted PayPal soon as Square came out. I would contact them..
    Dave
    Always forward thinking... Lost my mind!

  10. #30
    Join Date
    Mar 2009
    Posts
    609
    Plugin Contributions
    0

    Default Re: payer auth verifier causes session timeout error

    You can see a massive jump in time_out hits when I changed from using the paypal files from zen 1.5.4 (php 5.6.4) to 1.5.6c (php 7.3.22) on the 28th

    Name:  timeout.jpg
Views: 148
Size:  16.0 KB

 

 
Page 3 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Can't Checkout - "Whoops! Session Timeout" error
    By hauerjw in forum Installing on a Linux/Unix Server
    Replies: 5
    Last Post: 16 Dec 2011, 12:29 AM
  2. Session Timeout
    By Maximis86 in forum General Questions
    Replies: 1
    Last Post: 24 Feb 2011, 06:33 AM
  3. Replies: 0
    Last Post: 9 Apr 2010, 12:45 AM
  4. v1.38 New Install PHP session.use_trans_sid=ON fix causes error
    By bettysue in forum Installing on a Linux/Unix Server
    Replies: 8
    Last Post: 17 Dec 2007, 04:14 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR