Please help with below in Magento:
Issue: stale cookie leading to failure of AddtoCart.
Cookie domain was domain.com with expiry of 1 month. It was changed to www.domain.com with same expiry.
The cookies are not getting refreshed. We have cleared all the caches on server side but the cookies are not getting cleared on browser side.
We have tried updating/renew the cookies but it is not helping.
Browser is sending both the cookies in request.
Can anyone please suggest what is to be done to sort this out?
please check your cookie domain setting in
System > Config > Web > Session Cookie Management
It needs to exactly match your domain (including www). Also check if you have all correctly set for the storeview.
Related
On one of the wordpress websites, I deactivated all plugins, tried searching on google to find the origin of this cookie (f5_cspm) but I am not able to understand how this cookie is generated. I modified the server configurations by referring the link - Secure cookie with HttpOnly and Secure flag in Apache
The version of the httpd server I am using is 2.2.15. The value of this cookie is "1234". A very strange value too. I would like to know if this a bogus cookie, and if not then I need to set the "httponly" and "secure" attributes for this cookie. On the wordpress admin panel, I see this same cookie being generated 3 times! Please help me understand if I can ignore this cookie.
That is the analytics cookie from the AVR module on the F5 BIG-IP Local Traffic Manager, an application deliver controller that sits in front of web/app servers. If you do not control this infrastructure layer in front of your site, you cannot change the behaviors between clients and the proxy. Your provider might be able to assist, however.
I send the user to the bank site for online payment.
After the user returned from the bank site to my site, the site cookies were completely removed.
This problem has occurred to me recently and is not a problem in Firefox browser.
What is the cause of this problem?
My site is with PrestaShop
If this issue only persist in Chrome, i am guessing it could be an issue with Chrome disabling "SameSite" cookies as default value.
Allow cross-origin cookies:
go to /yourstore/.htaccess and add on top of this file the code SameSite=None
Make sure to clear your brower cookies
More details about SameSite cookies can be found here
I know that websites store cookies to validate users on different websites of the same domain , but when I tried to replicate it on my gmail account it didn't work.
I am using editthiscookie to export and then import cookies in the incognito browser .
Theoretically the browser should log me into my gmail account but it doesn't happen.
I had read it somewhere that the servers on the backend check the ip , but that shouldn't be the problem as it's my own PC both the time.
So what's wrong going on ??
Note:
1. EditThisCookie shows all the cookies including 'HttpOnly' and 'Secure'
2. I haven't logged off from my account on the other browser session i.e. the normal session (in case anyone might think of cookie expiration ).
Incognito mode operates as a clean slate, it does not have access to cookies from normal mode.
I have a strange issue with my Laravel project. Can't find out, when it first started - I can only login/logout opening the app in the incognito tab. And in the normal tab it won't log me out, when I am already logged in and after I deleted the session info in the storage I was unable to ever login.
I have set a SESSION_DOMAIN previously in the env and I faced another issue, unable to login with Laravel Socialite on www.* subdomain. Later I deleted the SESSION_DOMAIN property, because it did not solve the issue.
After some research I found that:
The problem has occurred because I set and SESSION_DOMAIN in the .env file. When I do that during logging in on the local environment, the problem occurs even when I am in the incognito tab. Though I can remove and then reload the incognito pages again, the problem disappears for incognito tabs.
I didn't use Laravel, so might not fully understand how SESSION_DOMAIN should work there, but the problem seems to be due to existing a cookie set on higher domain.
For example, your code is working on domain 'sales.domain.com'. When you create a session in Laravel, it would put a cookie that's valid on that domain. It then can be removed using the same "set cookie" request but with date in the past. This is how it normally works.
But if someone (maybe your code) some time ago also set a cookie with the same name, but valid on all subdomains or '.domain.com', it can't be removed by "set cookie" request that removes it from 'sales.domain.com'.
To check this, use Firebug or Chrome dev tools to see the request header when doing request to 'sales.domain.com' and just 'domain.com'. Note the "Cookie" header. If the same cookie is present on both request, this confirms my guess. You can solve this by clearing cookies in browser.
See also https://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path
Maybe you meet the problem with the subdomain cookie name. If subdomain uses same Laravel framework. Try to change Session Cookie Name in config/session.php to unique name between the main domain and the subdomain.
I experienced the same issue when trying to login to my utility provider to pay by bill online. I tried everything suggested from clearing cookies to the cache and several other suggestions that either did not apply or plain did not work. It wasn't until I started trying different options within settings that I came across my resolution. I thought deleting cookies was the fix until I refreshed the page and/or logged off and tried to login again that I received the blank page with the header "THE SPECIFIED URL CAN NOT BE LOCATED" and once again only worked if I went into incognito mode.
The resolution that fixed this issue completely for me was to go into settings and turn off "DO NOT TRACK". I hope this is helpful to at least one person.
Thank You
we've recently done some installation but I'm facing issues with one pc in particular and its baffling. We have a webapplication installed on our local server which is accessed by all our workstations. FOr some reason we can't log into our webapplication using one workstation. The application is a PHP MYSQL collaboration system. I double checked and for some really odd reason whenever we login it creates a session ID but upon logging in and redirecting to another page the session is broken and a new session id is generated thus the individual is automatically logged out again.
What could be the issue here - is its a firewall thing - its not the web application as we can access it fine via the other workstations. We even disabled the firewall but in all cases that single dumb workstation seems to have an issue with maintaining the session.
Help please - I'm sure its an issue confined to that one PC - what could it be.
Update
The authentication sequence is as follows:
Login
Authenticate user
Build session
Store session variables with session ID in db
Redirect
SESSION variables are empty - a new session ID is generated
Since new session ID is not of an authenticated user - return to login
More details
SSL is not enabled
Cookies are enabled are on the problem machine
UPDATE
I don't understand how can redirection be the problem here. My redirection code is as follows I'm using the following function to redirect to the index page upon successful login.
function _redirect($url)
{
#To redirect to a specified page
if(headers_sent())
echo "<meta http-equiv=\"refresh\" content=\"0;URL=$url\">";
else
header("Location:$url");
exit;
}
Plus even if it is an issue why is it a problem on just one PC and not on the others? I don't wish to change my code just to accommodate one system as opposed to fixing whats wrong with that one system which is preventing it from behaving in the first place.
MORE UPDATE
I just double checked and found something odd. My login is ajax based i.e. a request is made via ajax if it is a success the session variables are generated and a boolean 1 is sent back upon receiving the user is redirected via a javascript call which is:
function _redirect(url)
{
window.location = url;
}
I commented out this call and instead when the user is logged in I manually go to the index page and it works fine!! What is the javascript redirect messing up in this one pc thats not messing up in the other workstations is beyond me :( How do I fix this?
It sounds like the cookie is not being set and sent back to the server properly on this machine. Verify that you have cookies enabled and that you don't have some 3rd party browser extension or other software blocking cookies.
what browser are you using on this workstation? IE? Firefox? Have you tried different web browsers? Tried checking the browser settings yet? What is the time out set to? Is the time on the server and workstartion syncing properly with ntp?
In IE you can disable accepting of sessions cookies if the security is set to high I believe.
If you're losing the session, it's likely because the session cookie is not being transmitted. Does the browser on that machine have cookies enabled? Are you using SSL for your login page? Does your login code do anything besides validate a username/password (e.g. validate an IP address or machine name)?
Edit
Can you verify with Fiddler/Wireshark that the session cookie is transmitted when you redirect? Can we see some example login code?
I misunderstood the question to begin with (hence my edit history)
What is the domain the login is on and the main site is on? If it's between domains (could be anything like sending between example.com and www.example.com)