Okay.
I know some of you have problems with cart emptying during checkout. I have confirm the bug. Affects Google Chrome and probably a number of browsers.
BUG
It’s a cookie issue. Cookie set to a subdomain can’t be access by another subdomain within the same domain name.
For example:
www.domain.com
secure.domain.com
Each above has its own session ID.
FIX
modify
file: core/class.session.php
change:
```php
static function set_params()
{
$host = defined(‘HTTPS’) ? Registry::get(‘config.https_host’) : Registry::get(‘config.http_host’);
if (strpos($host, ‘.’) !== false) {
// Check if host has www prefix and remove it
$host = strpos($host, ‘www.’) === 0 ? substr($host, 3) : ‘.’ . $host;
} else {
// For local hosts set this to empty value
$host = ‘’;
}
ini_set(‘session.cookie_lifetime’, SESSIONS_STORAGE_ALIVE_TIME);
ini_set(‘session.cookie_domain’, $host);
ini_set(‘session.cookie_path’, Registry::get(‘config.current_path’));
ini_set(‘session.gc_divisor’, 10); // probability is 10% that garbage collector starts
}
```
To:
```php
static function set_params()
{
$host = defined(‘HTTPS’) ? Registry::get(‘config.https_host’) : Registry::get(‘config.http_host’);
if ((strpos($host, ‘.’) !== false) && (!preg_match(‘/\b\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}\b/’,$host))) {
// Check if host has www prefix and remove it
$host = preg_replace(‘/^[^.].([^.]).(.*)$/’, ‘\1.\2’,$host);
} else {
// For local hosts set this to empty value
$host = ‘’;
}
ini_set(‘session.cookie_lifetime’, SESSIONS_STORAGE_ALIVE_TIME);
ini_set(‘session.cookie_domain’, $host);
ini_set(‘session.cookie_path’, Registry::get(‘config.current_path’));
ini_set(‘session.gc_divisor’, 10); // probability is 10% that garbage collector starts
}
```
What does the modification do?
Basically 2 things.
- Before, it only strips out the subdomain ‘www’ from the $host, so something like ‘secure.domain.com’ does not get the suddomain ‘secure’ stripped out. Only ‘www.domain.com’ gets stripped to ‘.domain.com’.
After the modification, any subdomain gets stripped out to ‘.domain.com’
- Ignores $host that is a CNAME such as “localhost” or set to an IP Address such as “127.0.0.1” . You don’t want to strip ‘127.0.0.1’ to ‘.0.0.1’. I often use IP Addresses for testing on a local server.