Magento 2: User get Redirected to Empty Cart Page?
When I placed order from checkout page with money order. User get redirected to empty cart page instead of success page.
I am using one step checkout in website.
magento2 checkout onestepcheckout
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
bumped to the homepage by Community♦ 2 days ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
When I placed order from checkout page with money order. User get redirected to empty cart page instead of success page.
I am using one step checkout in website.
magento2 checkout onestepcheckout
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
bumped to the homepage by Community♦ 2 days ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
1
You should check error log.
– Khoa TruongDinh
Feb 9 '17 at 13:57
add a comment |
When I placed order from checkout page with money order. User get redirected to empty cart page instead of success page.
I am using one step checkout in website.
magento2 checkout onestepcheckout
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
When I placed order from checkout page with money order. User get redirected to empty cart page instead of success page.
I am using one step checkout in website.
magento2 checkout onestepcheckout
magento2 checkout onestepcheckout
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
edited Feb 9 '17 at 13:48
Pankaj Sharma
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
asked Feb 9 '17 at 13:28
Pankaj SharmaPankaj Sharma
4901421
4901421
bumped to the homepage by Community♦ 2 days ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 2 days ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
1
You should check error log.
– Khoa TruongDinh
Feb 9 '17 at 13:57
add a comment |
1
You should check error log.
– Khoa TruongDinh
Feb 9 '17 at 13:57
1
1
You should check error log.
– Khoa TruongDinh
Feb 9 '17 at 13:57
You should check error log.
– Khoa TruongDinh
Feb 9 '17 at 13:57
add a comment |
3 Answers
3
active
oldest
votes
Here is a temporary fix, it is not as per magento 2 standard. But as there is some existing issue with session in magento 2 and I have seen many of people facing same issue. I am sharing this temporary fix. Soon, I will update you with Correct answer.
Under vendor controller MagentoCheckoutControllerOnepage open success.php file vendormagentomodule-checkoutControllerOnepageSuccess.php
Just comment this line of code:
// return $this->resultRedirectFactory->create()->setPath('checkout/cart');
OR
you can create an observer for Success.php and custamize success controller.
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
Did you ever get an update?
– tjjen
2 days ago
add a comment |
Are there any updates on this? I'm running across this now and seeing that this post is about 1-2 years old.. Is it still the appropriate fix, even if it's a temporary fix. It's unacceptable to be giving customers a confusing experience like this.. they are spending money, order is executing and they are getting a cart-empty page :(
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
add a comment |
We are too (Magento Commerce Cloud 2.2.5) -- but for any payment type, not just MO. Magento Support issued us a patch that addresses the PHP issue regarding secure sessions and referral checks...
... but that didn't fix the problem for us -- still getting random redirects to empty cart after the user presses Place Order (potential race condition).
MDVA-10441_EE_2.3.3_v3.composer
diff --git a/vendor/magento/module-checkout/Controller/Index/Index.php b/vendor/magento/module-checkout/Controller/Index/Index.php
index 0a5b7f190e3..9fe760d3fa7 100644
--- a/vendor/magento/module-checkout/Controller/Index/Index.php
+++ b/vendor/magento/module-checkout/Controller/Index/Index.php
@@ -32,11 +32,37 @@ class Index extends MagentoCheckoutControllerOnepage
return $this->resultRedirectFactory->create()->setPath('checkout/cart');
}
- $this->_customerSession->regenerateId();
+ // generate session ID only if connection is unsecure according to issues in session_regenerate_id function.
+ // @see http://php.net/manual/en/function.session-regenerate-id.php
+ if (!$this->isSecureRequest()) {
+ $this->_customerSession->regenerateId();
+ }
$this->_objectManager->get(MagentoCheckoutModelSession::class)->setCartWasUpdated(false);
$this->getOnepage()->initCheckout();
$resultPage = $this->resultPageFactory->create();
$resultPage->getConfig()->getTitle()->set(__('Checkout'));
return $resultPage;
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @return bool
+ */
+ private function isSecureRequest(): bool
+ {
+ $secure = false;
+ $request = $this->getRequest();
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
index f0679c657ab..0bb0a53ce0a 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
@@ -22,6 +22,7 @@ define([
return false;
}
+ $(element).attr('disabled', true);
location.href = config.checkoutUrl;
});
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
index 13a2b524e51..93a78e7d34c 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
@@ -60,13 +60,15 @@ define([
};
events['click ' + this.options.button.checkout] = $.proxy(function () {
var cart = customerData.get('cart'),
- customer = customerData.get('customer');
+ customer = customerData.get('customer'),
+ element = $(this.options.button.checkout);
if (!customer().firstname && cart().isGuestCheckoutAllowed === false) {
// set URL for redirect on successful login/registration. It's postprocessed on backend.
$.cookie('login_redirect', this.options.url.checkout);
if (this.options.url.isRedirectRequired) {
+ element.prop('disabled', true);
location.href = this.options.url.loginUrl;
} else {
authenticationPopup.showModal();
@@ -74,6 +76,7 @@ define([
return false;
}
+ element.prop('disabled', true);
location.href = this.options.url.checkout;
}, this);
diff --git a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
index 3f73c8cdaee..2181e5b4578 100644
--- a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
+++ b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
@@ -85,11 +85,36 @@ class CustomerNotification
$customer = $this->customerRepository->getById($customerId);
$this->session->setCustomerData($customer);
$this->session->setCustomerGroupId($customer->getGroupId());
- $this->session->regenerateId();
+ if (!$this->isSecureRequest($request)) {
+ $this->session->regenerateId();
+ }
$this->notificationStorage->remove(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
} catch (NoSuchEntityException $e) {
$this->logger->error($e);
}
}
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @param RequestInterface $request
+ *
+ * @return bool
+ */
+ private function isSecureRequest(RequestInterface $request)
+ {
+ $secure = false;
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
Did you get this resolved?
– tjjen
2 days ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "479"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f159021%2fmagento-2-user-get-redirected-to-empty-cart-page%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Here is a temporary fix, it is not as per magento 2 standard. But as there is some existing issue with session in magento 2 and I have seen many of people facing same issue. I am sharing this temporary fix. Soon, I will update you with Correct answer.
Under vendor controller MagentoCheckoutControllerOnepage open success.php file vendormagentomodule-checkoutControllerOnepageSuccess.php
Just comment this line of code:
// return $this->resultRedirectFactory->create()->setPath('checkout/cart');
OR
you can create an observer for Success.php and custamize success controller.
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
Did you ever get an update?
– tjjen
2 days ago
add a comment |
Here is a temporary fix, it is not as per magento 2 standard. But as there is some existing issue with session in magento 2 and I have seen many of people facing same issue. I am sharing this temporary fix. Soon, I will update you with Correct answer.
Under vendor controller MagentoCheckoutControllerOnepage open success.php file vendormagentomodule-checkoutControllerOnepageSuccess.php
Just comment this line of code:
// return $this->resultRedirectFactory->create()->setPath('checkout/cart');
OR
you can create an observer for Success.php and custamize success controller.
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
Did you ever get an update?
– tjjen
2 days ago
add a comment |
Here is a temporary fix, it is not as per magento 2 standard. But as there is some existing issue with session in magento 2 and I have seen many of people facing same issue. I am sharing this temporary fix. Soon, I will update you with Correct answer.
Under vendor controller MagentoCheckoutControllerOnepage open success.php file vendormagentomodule-checkoutControllerOnepageSuccess.php
Just comment this line of code:
// return $this->resultRedirectFactory->create()->setPath('checkout/cart');
OR
you can create an observer for Success.php and custamize success controller.
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
Here is a temporary fix, it is not as per magento 2 standard. But as there is some existing issue with session in magento 2 and I have seen many of people facing same issue. I am sharing this temporary fix. Soon, I will update you with Correct answer.
Under vendor controller MagentoCheckoutControllerOnepage open success.php file vendormagentomodule-checkoutControllerOnepageSuccess.php
Just comment this line of code:
// return $this->resultRedirectFactory->create()->setPath('checkout/cart');
OR
you can create an observer for Success.php and custamize success controller.
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
edited Mar 16 '18 at 4:26
Teja Bhagavan Kollepara
2,94841847
2,94841847
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
answered Feb 17 '17 at 6:46
Pankaj SharmaPankaj Sharma
4901421
4901421
Did you ever get an update?
– tjjen
2 days ago
add a comment |
Did you ever get an update?
– tjjen
2 days ago
Did you ever get an update?
– tjjen
2 days ago
Did you ever get an update?
– tjjen
2 days ago
add a comment |
Are there any updates on this? I'm running across this now and seeing that this post is about 1-2 years old.. Is it still the appropriate fix, even if it's a temporary fix. It's unacceptable to be giving customers a confusing experience like this.. they are spending money, order is executing and they are getting a cart-empty page :(
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
add a comment |
Are there any updates on this? I'm running across this now and seeing that this post is about 1-2 years old.. Is it still the appropriate fix, even if it's a temporary fix. It's unacceptable to be giving customers a confusing experience like this.. they are spending money, order is executing and they are getting a cart-empty page :(
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
add a comment |
Are there any updates on this? I'm running across this now and seeing that this post is about 1-2 years old.. Is it still the appropriate fix, even if it's a temporary fix. It's unacceptable to be giving customers a confusing experience like this.. they are spending money, order is executing and they are getting a cart-empty page :(
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
Are there any updates on this? I'm running across this now and seeing that this post is about 1-2 years old.. Is it still the appropriate fix, even if it's a temporary fix. It's unacceptable to be giving customers a confusing experience like this.. they are spending money, order is executing and they are getting a cart-empty page :(
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
answered Nov 2 '18 at 13:06
JustinPJustinP
369415
369415
add a comment |
add a comment |
We are too (Magento Commerce Cloud 2.2.5) -- but for any payment type, not just MO. Magento Support issued us a patch that addresses the PHP issue regarding secure sessions and referral checks...
... but that didn't fix the problem for us -- still getting random redirects to empty cart after the user presses Place Order (potential race condition).
MDVA-10441_EE_2.3.3_v3.composer
diff --git a/vendor/magento/module-checkout/Controller/Index/Index.php b/vendor/magento/module-checkout/Controller/Index/Index.php
index 0a5b7f190e3..9fe760d3fa7 100644
--- a/vendor/magento/module-checkout/Controller/Index/Index.php
+++ b/vendor/magento/module-checkout/Controller/Index/Index.php
@@ -32,11 +32,37 @@ class Index extends MagentoCheckoutControllerOnepage
return $this->resultRedirectFactory->create()->setPath('checkout/cart');
}
- $this->_customerSession->regenerateId();
+ // generate session ID only if connection is unsecure according to issues in session_regenerate_id function.
+ // @see http://php.net/manual/en/function.session-regenerate-id.php
+ if (!$this->isSecureRequest()) {
+ $this->_customerSession->regenerateId();
+ }
$this->_objectManager->get(MagentoCheckoutModelSession::class)->setCartWasUpdated(false);
$this->getOnepage()->initCheckout();
$resultPage = $this->resultPageFactory->create();
$resultPage->getConfig()->getTitle()->set(__('Checkout'));
return $resultPage;
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @return bool
+ */
+ private function isSecureRequest(): bool
+ {
+ $secure = false;
+ $request = $this->getRequest();
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
index f0679c657ab..0bb0a53ce0a 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
@@ -22,6 +22,7 @@ define([
return false;
}
+ $(element).attr('disabled', true);
location.href = config.checkoutUrl;
});
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
index 13a2b524e51..93a78e7d34c 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
@@ -60,13 +60,15 @@ define([
};
events['click ' + this.options.button.checkout] = $.proxy(function () {
var cart = customerData.get('cart'),
- customer = customerData.get('customer');
+ customer = customerData.get('customer'),
+ element = $(this.options.button.checkout);
if (!customer().firstname && cart().isGuestCheckoutAllowed === false) {
// set URL for redirect on successful login/registration. It's postprocessed on backend.
$.cookie('login_redirect', this.options.url.checkout);
if (this.options.url.isRedirectRequired) {
+ element.prop('disabled', true);
location.href = this.options.url.loginUrl;
} else {
authenticationPopup.showModal();
@@ -74,6 +76,7 @@ define([
return false;
}
+ element.prop('disabled', true);
location.href = this.options.url.checkout;
}, this);
diff --git a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
index 3f73c8cdaee..2181e5b4578 100644
--- a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
+++ b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
@@ -85,11 +85,36 @@ class CustomerNotification
$customer = $this->customerRepository->getById($customerId);
$this->session->setCustomerData($customer);
$this->session->setCustomerGroupId($customer->getGroupId());
- $this->session->regenerateId();
+ if (!$this->isSecureRequest($request)) {
+ $this->session->regenerateId();
+ }
$this->notificationStorage->remove(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
} catch (NoSuchEntityException $e) {
$this->logger->error($e);
}
}
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @param RequestInterface $request
+ *
+ * @return bool
+ */
+ private function isSecureRequest(RequestInterface $request)
+ {
+ $secure = false;
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
Did you get this resolved?
– tjjen
2 days ago
add a comment |
We are too (Magento Commerce Cloud 2.2.5) -- but for any payment type, not just MO. Magento Support issued us a patch that addresses the PHP issue regarding secure sessions and referral checks...
... but that didn't fix the problem for us -- still getting random redirects to empty cart after the user presses Place Order (potential race condition).
MDVA-10441_EE_2.3.3_v3.composer
diff --git a/vendor/magento/module-checkout/Controller/Index/Index.php b/vendor/magento/module-checkout/Controller/Index/Index.php
index 0a5b7f190e3..9fe760d3fa7 100644
--- a/vendor/magento/module-checkout/Controller/Index/Index.php
+++ b/vendor/magento/module-checkout/Controller/Index/Index.php
@@ -32,11 +32,37 @@ class Index extends MagentoCheckoutControllerOnepage
return $this->resultRedirectFactory->create()->setPath('checkout/cart');
}
- $this->_customerSession->regenerateId();
+ // generate session ID only if connection is unsecure according to issues in session_regenerate_id function.
+ // @see http://php.net/manual/en/function.session-regenerate-id.php
+ if (!$this->isSecureRequest()) {
+ $this->_customerSession->regenerateId();
+ }
$this->_objectManager->get(MagentoCheckoutModelSession::class)->setCartWasUpdated(false);
$this->getOnepage()->initCheckout();
$resultPage = $this->resultPageFactory->create();
$resultPage->getConfig()->getTitle()->set(__('Checkout'));
return $resultPage;
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @return bool
+ */
+ private function isSecureRequest(): bool
+ {
+ $secure = false;
+ $request = $this->getRequest();
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
index f0679c657ab..0bb0a53ce0a 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
@@ -22,6 +22,7 @@ define([
return false;
}
+ $(element).attr('disabled', true);
location.href = config.checkoutUrl;
});
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
index 13a2b524e51..93a78e7d34c 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
@@ -60,13 +60,15 @@ define([
};
events['click ' + this.options.button.checkout] = $.proxy(function () {
var cart = customerData.get('cart'),
- customer = customerData.get('customer');
+ customer = customerData.get('customer'),
+ element = $(this.options.button.checkout);
if (!customer().firstname && cart().isGuestCheckoutAllowed === false) {
// set URL for redirect on successful login/registration. It's postprocessed on backend.
$.cookie('login_redirect', this.options.url.checkout);
if (this.options.url.isRedirectRequired) {
+ element.prop('disabled', true);
location.href = this.options.url.loginUrl;
} else {
authenticationPopup.showModal();
@@ -74,6 +76,7 @@ define([
return false;
}
+ element.prop('disabled', true);
location.href = this.options.url.checkout;
}, this);
diff --git a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
index 3f73c8cdaee..2181e5b4578 100644
--- a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
+++ b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
@@ -85,11 +85,36 @@ class CustomerNotification
$customer = $this->customerRepository->getById($customerId);
$this->session->setCustomerData($customer);
$this->session->setCustomerGroupId($customer->getGroupId());
- $this->session->regenerateId();
+ if (!$this->isSecureRequest($request)) {
+ $this->session->regenerateId();
+ }
$this->notificationStorage->remove(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
} catch (NoSuchEntityException $e) {
$this->logger->error($e);
}
}
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @param RequestInterface $request
+ *
+ * @return bool
+ */
+ private function isSecureRequest(RequestInterface $request)
+ {
+ $secure = false;
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
Did you get this resolved?
– tjjen
2 days ago
add a comment |
We are too (Magento Commerce Cloud 2.2.5) -- but for any payment type, not just MO. Magento Support issued us a patch that addresses the PHP issue regarding secure sessions and referral checks...
... but that didn't fix the problem for us -- still getting random redirects to empty cart after the user presses Place Order (potential race condition).
MDVA-10441_EE_2.3.3_v3.composer
diff --git a/vendor/magento/module-checkout/Controller/Index/Index.php b/vendor/magento/module-checkout/Controller/Index/Index.php
index 0a5b7f190e3..9fe760d3fa7 100644
--- a/vendor/magento/module-checkout/Controller/Index/Index.php
+++ b/vendor/magento/module-checkout/Controller/Index/Index.php
@@ -32,11 +32,37 @@ class Index extends MagentoCheckoutControllerOnepage
return $this->resultRedirectFactory->create()->setPath('checkout/cart');
}
- $this->_customerSession->regenerateId();
+ // generate session ID only if connection is unsecure according to issues in session_regenerate_id function.
+ // @see http://php.net/manual/en/function.session-regenerate-id.php
+ if (!$this->isSecureRequest()) {
+ $this->_customerSession->regenerateId();
+ }
$this->_objectManager->get(MagentoCheckoutModelSession::class)->setCartWasUpdated(false);
$this->getOnepage()->initCheckout();
$resultPage = $this->resultPageFactory->create();
$resultPage->getConfig()->getTitle()->set(__('Checkout'));
return $resultPage;
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @return bool
+ */
+ private function isSecureRequest(): bool
+ {
+ $secure = false;
+ $request = $this->getRequest();
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
index f0679c657ab..0bb0a53ce0a 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
@@ -22,6 +22,7 @@ define([
return false;
}
+ $(element).attr('disabled', true);
location.href = config.checkoutUrl;
});
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
index 13a2b524e51..93a78e7d34c 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
@@ -60,13 +60,15 @@ define([
};
events['click ' + this.options.button.checkout] = $.proxy(function () {
var cart = customerData.get('cart'),
- customer = customerData.get('customer');
+ customer = customerData.get('customer'),
+ element = $(this.options.button.checkout);
if (!customer().firstname && cart().isGuestCheckoutAllowed === false) {
// set URL for redirect on successful login/registration. It's postprocessed on backend.
$.cookie('login_redirect', this.options.url.checkout);
if (this.options.url.isRedirectRequired) {
+ element.prop('disabled', true);
location.href = this.options.url.loginUrl;
} else {
authenticationPopup.showModal();
@@ -74,6 +76,7 @@ define([
return false;
}
+ element.prop('disabled', true);
location.href = this.options.url.checkout;
}, this);
diff --git a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
index 3f73c8cdaee..2181e5b4578 100644
--- a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
+++ b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
@@ -85,11 +85,36 @@ class CustomerNotification
$customer = $this->customerRepository->getById($customerId);
$this->session->setCustomerData($customer);
$this->session->setCustomerGroupId($customer->getGroupId());
- $this->session->regenerateId();
+ if (!$this->isSecureRequest($request)) {
+ $this->session->regenerateId();
+ }
$this->notificationStorage->remove(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
} catch (NoSuchEntityException $e) {
$this->logger->error($e);
}
}
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @param RequestInterface $request
+ *
+ * @return bool
+ */
+ private function isSecureRequest(RequestInterface $request)
+ {
+ $secure = false;
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
We are too (Magento Commerce Cloud 2.2.5) -- but for any payment type, not just MO. Magento Support issued us a patch that addresses the PHP issue regarding secure sessions and referral checks...
... but that didn't fix the problem for us -- still getting random redirects to empty cart after the user presses Place Order (potential race condition).
MDVA-10441_EE_2.3.3_v3.composer
diff --git a/vendor/magento/module-checkout/Controller/Index/Index.php b/vendor/magento/module-checkout/Controller/Index/Index.php
index 0a5b7f190e3..9fe760d3fa7 100644
--- a/vendor/magento/module-checkout/Controller/Index/Index.php
+++ b/vendor/magento/module-checkout/Controller/Index/Index.php
@@ -32,11 +32,37 @@ class Index extends MagentoCheckoutControllerOnepage
return $this->resultRedirectFactory->create()->setPath('checkout/cart');
}
- $this->_customerSession->regenerateId();
+ // generate session ID only if connection is unsecure according to issues in session_regenerate_id function.
+ // @see http://php.net/manual/en/function.session-regenerate-id.php
+ if (!$this->isSecureRequest()) {
+ $this->_customerSession->regenerateId();
+ }
$this->_objectManager->get(MagentoCheckoutModelSession::class)->setCartWasUpdated(false);
$this->getOnepage()->initCheckout();
$resultPage = $this->resultPageFactory->create();
$resultPage->getConfig()->getTitle()->set(__('Checkout'));
return $resultPage;
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @return bool
+ */
+ private function isSecureRequest(): bool
+ {
+ $secure = false;
+ $request = $this->getRequest();
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
index f0679c657ab..0bb0a53ce0a 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/proceed-to-checkout.js
@@ -22,6 +22,7 @@ define([
return false;
}
+ $(element).attr('disabled', true);
location.href = config.checkoutUrl;
});
diff --git a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
index 13a2b524e51..93a78e7d34c 100644
--- a/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
+++ b/vendor/magento/module-checkout/view/frontend/web/js/sidebar.js
@@ -60,13 +60,15 @@ define([
};
events['click ' + this.options.button.checkout] = $.proxy(function () {
var cart = customerData.get('cart'),
- customer = customerData.get('customer');
+ customer = customerData.get('customer'),
+ element = $(this.options.button.checkout);
if (!customer().firstname && cart().isGuestCheckoutAllowed === false) {
// set URL for redirect on successful login/registration. It's postprocessed on backend.
$.cookie('login_redirect', this.options.url.checkout);
if (this.options.url.isRedirectRequired) {
+ element.prop('disabled', true);
location.href = this.options.url.loginUrl;
} else {
authenticationPopup.showModal();
@@ -74,6 +76,7 @@ define([
return false;
}
+ element.prop('disabled', true);
location.href = this.options.url.checkout;
}, this);
diff --git a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
index 3f73c8cdaee..2181e5b4578 100644
--- a/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
+++ b/vendor/magento/module-customer/Model/Plugin/CustomerNotification.php
@@ -85,11 +85,36 @@ class CustomerNotification
$customer = $this->customerRepository->getById($customerId);
$this->session->setCustomerData($customer);
$this->session->setCustomerGroupId($customer->getGroupId());
- $this->session->regenerateId();
+ if (!$this->isSecureRequest($request)) {
+ $this->session->regenerateId();
+ }
$this->notificationStorage->remove(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
} catch (NoSuchEntityException $e) {
$this->logger->error($e);
}
}
}
+
+ /**
+ * Checks if current request uses SSL and referer also is secure.
+ *
+ * @param RequestInterface $request
+ *
+ * @return bool
+ */
+ private function isSecureRequest(RequestInterface $request)
+ {
+ $secure = false;
+
+ if ($request->isSecure()) {
+ $secure = true;
+ }
+
+ if ($request->getHeader('referer')) {
+ $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ $secure = $scheme === 'https';
+ }
+
+ return $secure;
+ }
}
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
edited Nov 5 '18 at 12:58
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
answered Nov 5 '18 at 12:43
Jeff OwensJeff Owens
11
11
Did you get this resolved?
– tjjen
2 days ago
add a comment |
Did you get this resolved?
– tjjen
2 days ago
Did you get this resolved?
– tjjen
2 days ago
Did you get this resolved?
– tjjen
2 days ago
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f159021%2fmagento-2-user-get-redirected-to-empty-cart-page%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
You should check error log.
– Khoa TruongDinh
Feb 9 '17 at 13:57