BUG: Cart empties during checkout [FIXED] - cscart 2.0 up to 2.0.12

hyteckit · March 16, 2010, 12:00am

Okay.

I know some of you have problems with cart emptying during checkout. I have confirm the bug. Affects Google Chrome and probably a number of browsers.

BUG

It’s a cookie issue. Cookie set to a subdomain can’t be access by another subdomain within the same domain name.

For example:

www.domain.com

secure.domain.com

Each above has its own session ID.

FIX

modify

file: core/class.session.php

change:

	static function set_params()<br />
	{<br />
		$host = defined('HTTPS') ? Registry::get('config.https_host') : Registry::get('config.http_host');<br />
<br />
		if (strpos($host, '.') !== false) {<br />
			// Check if host has www prefix and remove it<br />
			$host = strpos($host, 'www.') === 0 ? substr($host, 3) : '.' . $host;<br />
		} else {<br />
			// For local hosts set this to empty value<br />
			$host = '';<br />
		}<br />
<br />
		ini_set('session.cookie_lifetime', SESSIONS_STORAGE_ALIVE_TIME);<br />
		ini_set('session.cookie_domain', $host);<br />
		ini_set('session.cookie_path', Registry::get('config.current_path'));<br />
		ini_set('session.gc_divisor', 10); // probability is 10% that garbage collector starts<br />
	}<br />

```<br />
<br />
To:<br />
<br />
```php
	static function set_params()<br />
	{<br />
		$host = defined('HTTPS') ? Registry::get('config.https_host') : Registry::get('config.http_host');<br />
<br />
		if ((strpos($host, '.') !== false) && (!preg_match('/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/',$host))) {<br />
			// Check if host has www prefix and remove it<br />
			$host = preg_replace('/^[^\.]*\.([^\.]*)\.(.*)$/', '\1.\2',$host); <br />
		} else {<br />
			// For local hosts set this to empty value<br />
			$host = '';<br />
		}<br />
<br />
		ini_set('session.cookie_lifetime', SESSIONS_STORAGE_ALIVE_TIME);<br />
		ini_set('session.cookie_domain', $host);<br />
		ini_set('session.cookie_path', Registry::get('config.current_path'));<br />
		ini_set('session.gc_divisor', 10); // probability is 10% that garbage collector starts<br />
	}
```<br />
<br />
<br />
What does the modification do?<br />
<br />
Basically 2 things.<br />
<br />
1. Before, it only strips out the subdomain 'www' from the $host, so something like 'secure.domain.com' does not get the suddomain 'secure' stripped out.  Only 'www.domain.com' gets stripped to '.domain.com'. <br />
<br />
After the modification, any subdomain gets stripped out to '.domain.com'<br />
<br />
<br />
2. Ignores $host that is a CNAME such as "localhost" or set to an IP Address such as "127.0.0.1" .  You don't want to strip '127.0.0.1' to '.0.0.1'.  I often use IP Addresses for testing on a local server.

hyteckit · March 16, 2010, 12:00am

One more thing.

Be sure to remove your cookies after making the modification for it to take effect.

You still have 2 sets of cookies, one of each subdomain.

roban · March 16, 2010, 12:00am

Thanks for sharing your fix. Much appreciated.