Okay.
I know some of you have problems with cart emptying during checkout. I have confirm the bug. Affects Google Chrome and probably a number of browsers.
BUG
It’s a cookie issue. Cookie set to a subdomain can’t be access by another subdomain within the same domain name.
For example:
www.domain.com
secure.domain.com
Each above has its own session ID.
FIX
modify
file: core/class.session.php
change:
static function set_params()<br />
{<br />
$host = defined('HTTPS') ? Registry::get('config.https_host') : Registry::get('config.http_host');<br />
<br />
if (strpos($host, '.') !== false) {<br />
// Check if host has www prefix and remove it<br />
$host = strpos($host, 'www.') === 0 ? substr($host, 3) : '.' . $host;<br />
} else {<br />
// For local hosts set this to empty value<br />
$host = '';<br />
}<br />
<br />
ini_set('session.cookie_lifetime', SESSIONS_STORAGE_ALIVE_TIME);<br />
ini_set('session.cookie_domain', $host);<br />
ini_set('session.cookie_path', Registry::get('config.current_path'));<br />
ini_set('session.gc_divisor', 10); // probability is 10% that garbage collector starts<br />
}<br />
```<br />
<br />
To:<br />
<br />
```php
static function set_params()<br />
{<br />
$host = defined('HTTPS') ? Registry::get('config.https_host') : Registry::get('config.http_host');<br />
<br />
if ((strpos($host, '.') !== false) && (!preg_match('/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/',$host))) {<br />
// Check if host has www prefix and remove it<br />
$host = preg_replace('/^[^\.]*\.([^\.]*)\.(.*)$/', '\1.\2',$host); <br />
} else {<br />
// For local hosts set this to empty value<br />
$host = '';<br />
}<br />
<br />
ini_set('session.cookie_lifetime', SESSIONS_STORAGE_ALIVE_TIME);<br />
ini_set('session.cookie_domain', $host);<br />
ini_set('session.cookie_path', Registry::get('config.current_path'));<br />
ini_set('session.gc_divisor', 10); // probability is 10% that garbage collector starts<br />
}
```<br />
<br />
<br />
What does the modification do?<br />
<br />
Basically 2 things.<br />
<br />
1. Before, it only strips out the subdomain 'www' from the $host, so something like 'secure.domain.com' does not get the suddomain 'secure' stripped out. Only 'www.domain.com' gets stripped to '.domain.com'. <br />
<br />
After the modification, any subdomain gets stripped out to '.domain.com'<br />
<br />
<br />
2. Ignores $host that is a CNAME such as "localhost" or set to an IP Address such as "127.0.0.1" . You don't want to strip '127.0.0.1' to '.0.0.1'. I often use IP Addresses for testing on a local server.