Kryptronic Software Support Forum

You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.

#1 03-09-2017 06:21:50

kev
Member
Registered: 03-16-2009
Posts: 399

Google Chrome / FireFox Non-SSL Cookie Updates

when in 'Shopping Cart' web page with items in cart click 'Checkout' button and you get this message and the items are removed from the cart.

"Your shopping cart is currently empty. You will be able to check out after adding items to your shopping cart."

I read another recent post about this problem with a reply to update site to full ssl.  My sites are full ssl but this hasn't made a difference

is there a code update for this cookie issue?

Offline

 

#2 03-09-2017 07:54:25

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19834
Website

Re: Google Chrome / FireFox Non-SSL Cookie Updates

There is an issue with the current version of Chrome, where if you are running a mixed-URL site (Non-SSL and SSL), and first access (get a cookie) from an SSL URL (very rare, except for admins), you may run into a problem.  You say you're running full SSL, so this should not be an issue for you.  Can you post a URL so we can see the problem in action?


Nick Hendler

Offline

 

#3 03-09-2017 08:14:19

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Offline

 

#4 03-09-2017 11:35:30

west4
Member
From: UK
Registered: 04-16-2008
Posts: 646
Website

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Hi Kev,

Mac running OSX 10.11 using Firefox 51.  Checkout button takes me to the create account page like it should...
Chrome 52. also takes me to the Create account page from the cart checkout button.

Cheers,
Bruce.


I'd rather have a full bottle in front of me, than a full frontal labotomy.

Offline

 

#5 03-09-2017 11:47:26

zanart
Member
From: bedford
Registered: 04-02-2008
Posts: 1716

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Chrome 56 on Windows, and the problem does happen intermittently.
If you go to the site and then navigate back the home page before adding an item, you can checkout correctly.
However, if you go direct to site, add a product, the problem occurs.


Rob

Offline

 

#6 03-09-2017 12:39:05

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Thanks for testing this issue west4 and zanart and verifying that it is a real issue!

As you say the problem does happen intermittently. A few regular customers made me aware of it so I tested it myself.  Obviously there will be new customers and current customers that intend to place an order and then this happens and they just go elsewhere to buy stuff without even contacting me.

I hope that Nick can fix this issue because I can only assume that I am losing orders (revenue) because of this issue. 

I think the problem is related to browser cookies but I don't know how to stop it from happening.

Offline

 

#7 03-09-2017 14:28:43

Iceit88
Member
From: Fairview, PA
Registered: 11-19-2003
Posts: 549
Website

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Is anyone seeing a much higher number of abandoned carts in the past 2 weeks?  We are experiencing almost 300% increase in people starting but not finishing checkouts ("Pending Payment") recently and I am wondering if it could be related???


Bryan

Hat Trick Sports, LLC

Offline

 

#8 03-09-2017 15:34:06

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

I converted 4 websites to full SSL a few weeks ago and orders have dropped significantly since then.  The Europacart produced sitemaps are now https urls so the search engines should hopefully be replacing the old http urls with https equivalents.

Offline

 

#9 03-09-2017 23:36:21

zanart
Member
From: bedford
Registered: 04-02-2008
Posts: 1716

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Nick, can you post the mod required to turn v8 to full ssl??


Rob

Offline

 

#10 03-10-2017 11:24:01

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19834
Website

Re: Google Chrome / FireFox Non-SSL Cookie Updates

There are two methods to combat this issue for all versions of the software V6-V8:

(1) Edit {private}/core/CORE_Session/CORE_Session.php and in the setcookie() function, always set secure to false. This is not recommended due to the fact that it's not PCI compliant, however this will work on sites which do not process cards under PCI.

(2) Switch the site to full SSL.  To accomplish this, two updates are needed:

1. Run your installer.php script and change your Non-SSL URL and related cookie domain and path to match your SSL URL and cookie domain and path values.  Run the installer up to and including the registration step, but there's no need to run it further.  No need to update any software either.  If both your URLs are similar (ie, vary only by http-vs-https or www-vs-nonwww) then there will be no need to contact Kryptronic regarding a URL change when you submit the new registered URL for the site.

2. Access your management interface using the new URL and then navigate to System / Database / Raw Database Admin, choose to Submit a Raw SQL Statement, and submit the following SQL statement:

UPDATE core_namespaces SET hreftype='SSL' WHERE hreftype='Non-SSL'

You can also do a http->https rewrite at the top of your .htaccess file if you wish, but be aware this is generally unnecessary on V8 as it will rewrite all those cases automatically.


Nick Hendler

Offline

 

#11 03-11-2017 06:40:21

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

I followed the steps in option (2) but the cookie issue with checkout is still evident.

run the below test scenario which will recreate the steps a new customer would use to access your website to purchase something.

open a browser (i used chrome because my server webstats show that 65.3% of visitors are using Chrome to access my website) choose 'clear browsing data' and clear all cookie data then

type in url https://www.mycompleteoffice.co.uk and proceed to add a product to basket then

in the shopping cart web page click the 'Checkout' button and look at the result - I get below result

'Your shopping cart is currently empty. You will be able to check out after adding items to your shopping cart.'  At that point the customer will leave the website frustrated and think that website doesn't work properly and never come back so no new customer order or repeat orders from that customer.

I used to be a software developer albeit 16 years ago (Delphi long time ago in a distant galaxy) and would consider this bug as a top priority, serious business critical issue for an ecommerce app!

Will resorting to option (1) as a fix for this cookie issue produce non-secure web page warnings to users in browser interfaces?

Last edited by kev (03-11-2017 06:55:13)

Offline

 

#12 03-11-2017 07:03:23

zanart
Member
From: bedford
Registered: 04-02-2008
Posts: 1716

Re: Google Chrome / FireFox Non-SSL Cookie Updates

I have cleared cache and cookies in chrome.
Gone to my site(which I haven't modified to full ssl yet, but the checkout pages are secure), and I don't have this issue following your steps above.
I have also tried your site, which is full SSL, and I don't have the issue either.

It definitely had a problem yesterday, but since you have carried out this mod, there are no issues that I can see, and I have tried numerous times.


Rob

Offline

 

#13 03-11-2017 08:42:44

larry
Member
Registered: 07-21-2003
Posts: 437

Re: Google Chrome / FireFox Non-SSL Cookie Updates

We can confirm that #2 option works, and takes only a couple of minutes to implement.

If there are any shopping carts "out there" that were loaded when not under SSL, will they appear empty now when going to checkout or the cart page?


Laurie Stephens




Offline

 

#14 03-11-2017 11:56:02

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

I've updated Chrome and ran another test and it did it again on my PC.  This is driving me nuts...

"change your Non-SSL URL and related cookie domain and path to match your SSL URL and cookie domain and path values"

Perhaps I've got the installer settings wrong?

Non-Secure (Non-SSL) URL* = https://www.mycompleteoffice.co.uk
Secure (SSL) URL* = https://www.mycompleteoffice.co.uk
Non-Secure (Non-SSL) Cookie Domain* = .mycompleteoffice.co.uk
Non-Secure (Non-SSL) Cookie Path* = /
Secure (SSL) Cookie Domain* = .mycompleteoffice.co.uk
Secure (SSL) Cookie Path* = /

Microsoft browsers are fine and also now Firefox but Chrome is still giving me the empty cart issue!

Offline

 

#15 03-11-2017 12:27:22

larry
Member
Registered: 07-21-2003
Posts: 437

Re: Google Chrome / FireFox Non-SSL Cookie Updates

kev wrote:

I've updated Chrome and ran another test and it did it again on my PC.  This is driving me nuts...

Your site works fine using Chrome Version 57.0.2987.98 (64 bit) on a Mac.


Laurie Stephens




Offline

 

#16 03-11-2017 14:27:26

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Thanks larry

I'm gonna run some more tests on friends PCs

Offline

 

#17 03-11-2017 18:11:15

larry
Member
Registered: 07-21-2003
Posts: 437

Re: Google Chrome / FireFox Non-SSL Cookie Updates

at the risk of revealing that we even own a copy of windows 10,  we can confirm that your site works on the latest version of chrome on windows 10.


Laurie Stephens




Offline

 

#18 03-12-2017 04:00:09

kev
Member
Registered: 03-16-2009
Posts: 399

Re: Google Chrome / FireFox Non-SSL Cookie Updates

I'm running windows 7 64bit and wondered if that had anything to do with it.  I'm glad that it runs on Mac's and other peoples computers as I was worried about lost sales revenue.  I've got an old laptop running XP so I'll test it on that.

Offline

 

#19 03-13-2017 18:10:01

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19834
Website

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Both options are a fix for all browsers / all versions.


Nick Hendler

Offline

 

#20 12-21-2017 17:43:29

dskowron
Member
Registered: 11-26-2008
Posts: 142

Re: Google Chrome / FireFox Non-SSL Cookie Updates

This may or may not be related - I feel it is - but when I open the back end to work in the store and open another browser tab (window, etc.) and try to log into the online store I cannot move from the login screen without getting kicked out. I have to log out of the back end, close that window and log out of the front end, then clear cookies before I can log into the front end to see my work.

I tried Nick's #1 mod above and it didn't work.

Offline

 

#21 12-22-2017 09:03:28

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19834
Website

Re: Google Chrome / FireFox Non-SSL Cookie Updates

You've got something wrong, likely with your cookie settings that are entered in your installer (they show up in the private config.php file).


Nick Hendler

Offline

 

#22 12-23-2017 21:30:03

dskowron
Member
Registered: 11-26-2008
Posts: 142

Re: Google Chrome / FireFox Non-SSL Cookie Updates

webmaster wrote:

You've got something wrong, likely with your cookie settings that are entered in your installer (they show up in the private config.php file).

I edited the config.php as you directed. I then ran the SQL statement. My Win 7 installation of Chrome now works whereas it didn't before.

I'll check my Win 10 installations later.

So far, Dilly Dilly!

Offline

 

#23 12-24-2017 10:13:29

dskowron
Member
Registered: 11-26-2008
Posts: 142

Re: Google Chrome / FireFox Non-SSL Cookie Updates

My Win 10 machines work now too! Merry Christmas! Woo-Hoo!

Offline

 

#24 12-27-2017 07:57:05

Murphys001
Member
Registered: 09-06-2014
Posts: 23

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Hello,
I have a similar problem; would this be normal?
Using Chrome under windows 7 64 bit, if I log in to the store backend (as admin) and then open up a separate window / tab for the store, then I am automatically logged in to the store using my admin user details. If I log out from the store I am automatically logged out of the backend.
In summary, I cannot be logged into the backend and the store at the same time.
Would this be normal?

Offline

 

#25 12-27-2017 09:50:02

dskowron
Member
Registered: 11-26-2008
Posts: 142

Re: Google Chrome / FireFox Non-SSL Cookie Updates

Murphys001 wrote:

Hello,
I have a similar problem; would this be normal?
Using Chrome under windows 7 64 bit, if I log in to the store backend (as admin) and then open up a separate window / tab for the store, then I am automatically logged in to the store using my admin user details. If I log out from the store I am automatically logged out of the backend.
In summary, I cannot be logged into the backend and the store at the same time.
Would this be normal?

It is NOT normal. That's the whole point of this thread. I did what Nick suggested in his 2nd piece of advice above and it worked for me. Your other alternative is to create another user and give that one the same account type as you and use that account to log into the front end. It's a bit unwieldy when you want to "audition" a product or category.

Edit: I mesread your question. Sorry. :-)

Last edited by dskowron (12-28-2017 10:25:54)

Offline

 

Board footer