cart sessions disappearing between pages in Chrome

Having a problem with the latest build of Chrome on one of our sites. The cart session is getting wiped every time a user navigates between pages. I have been able to reproduce it. This is only occurring in Chrome. Firefox and Safari are unaffected. Also, it seems that this problem may have started most recently with update to the latest build of Chrome, which was rolled out within the last 10 days. I had seen this same problem on this specific site back in September of this year, and determined at that time that it was also related to a specific build of Chrome. When it happened the first time I was able to resolve it by updating the Chrome browser to the newest build back then (early September). Now it seems that the problem is back, but Chrome is updated to the latest build (70.0.3538.110).

I have been unable to recognize any obvious errors that would be causing this issue. Please investigate as soon as possible and let me know if there's anything that I can do on our side to resolve this, or if there's something you need to do on your side. This is occurring on only one of our sites, and not another, but both use FoxyCart.

I will whisper affected site URL and login credentials for you to test.
Comments
  • brettbrett FoxyCart Team
    Hi @Geoffrey
    I've tried on the same version of Chrome, and it seems fine to me. Is this perhaps happening only with a specific product? We did see recently a way to goof up sessions by passing certain characters in an h: session parameter (the name portion). That was making the sessions disappear, but only on certain products.
  • GeoffreyGeoffrey Member
    edited November 30
    @brett,

    No. This is happening on all products for me, as well as another employee who tested on a different machine, and for the customer who most recently reported this problem to us. I just tried clearing all the browser cookies associated with this site URL as well, but that has not had any effect. The problem persists. It does not appear to matter which products are added. Once we navigate to a new page on the site after adding anything to the cart, the whole cart is wiped.

    We are using the stated version of Chrome in OSX. I don't know if that makes any difference.

    From what I can see, I don't believe we are passing any h: session parameters in the add to cart forms.
  • fc_adamfc_adam FoxyCart Team
    @Geoffrey,

    Thanks for the update. I've been trying to replicate this on my system too, which is similar to you, running OSX and the latest version of Chrome. Every time I add a product to the cart, and proceed to a different page, the cart session loads again without any problem with the product I added still present.

    Could you perhaps try running this in the console in Chrome on each page load - and see if the session ID remains the same, or if it's creating a new one on each page load: FC.json.session_id

    Also under Chrome's Settings > Advanced > Content Settings > Cookies - could you confirm if the "Block third-party cookies" setting is enabled or disabled?

    Would it be possible to take a recording of your session that we could see too? That way we can try to replicate the steps exactly as you're doing the, to see if that helps. If you'd prefer to keep the recording private, you can whisper us a link, or you can send it to our helpdesk too.
  • @fc_adam, thanks for the response. I'll run those tests and report back.
  • @fc_adam, so I tested this again this morning on my own machine with nothing else changed since my post from yesterday, and I found the problem to have disappeared. The cart session is no longer getting wiped for me. When I get the FC.json.session_id in the console, it persists between pages as it should.

    This is baffling to me, since I have not made any further changes since my last test yesterday -- when this problem was very much still present. The only difference between my tests yesterday and my tests now is that I'm working from a different location. Same device, same browser version, just a different user IP address.

    I coordinated with another member of the business who is at yet another location and asked them to run the same diagnostic tests today. He reported that the problem discussed is still happening in his environment. Here is a rundown of the diagnostic process he ran at my direction, along with the results:

    1. Add item to the cart, and return FC.json.session_id in the browser console.
    result = Session ID after adding one item (Laoshan Black) to cart: "e5oh8e6mabapb01cjqk4p0inc2"

    2. Navigate to SOLUTIONS page, and return FC.json.session_id in the browser console.
    result = Cart has been wiped and is empty. Session ID after navigating to SOLUTIONS: "1b0vit5681pm2avcjevansvts5"

    3. Confirm version of Chrome browser.
    result = Version 69.0.3497.100 (Official Build) (64-bit)

    4. Update Chrome browser to latest version, restart browser and re-run test.
    result = Chrome updated to Version 70.0.3538.110 (Official Build) (64-bit).
    Session ID after adding items to cart: "6mugpc4rc4keqj1dc8q6rnd9n7".
    Session ID after navigating to SOLUTIONS page: "1b0vit5681pm2avcjevansvts5". (Cart wiped)


    5. Confirm if the "Block third-party cookies" setting is enabled or disabled?
    result = "Block third-party cookies" was set to enabled.

    6. Disable "Block third-party cookies" setting, restart browser and re-run test.
    result = Session ID after adding items: "tdpsu899j1qlcuinr58m5ei2c6".
    Session ID after navigating to another page on the site:"1b0vit5681pm2avcjevansvts5" (Cart wiped)


    So what has become clear in looking at these results is that the same session ID of "1b0vit5681pm2avcjevansvts5" appears to be reapplying itself whenever the user navigates to a different page. Does this give you any indication of what might be happening here?
  • brettbrett FoxyCart Team
    Hi @Geoffrey. We've identified the issue. You've got two separate Foxy accounts (retail and wholesale), and you're getting session conflicts/bleed between the two. This page has a little more info about what's happening:
    https://wiki.foxycart.com/v/2.0/javascript#sessions_cookies

    You've got (using example.tld as the domain) example.tld and wholesale.example.tld. By default, the Foxy js is setting the cookie at example.tld for `.example.tld`. That cookie then is passed through to requests for all subdomains. So if you visit example.tld first, get a session for that domain, then visit the wholesale subdomain, things will get squirrely.

    The Foxy js allows for isolating cookies, but we can only do that by either path (like example.tld/foo/* and example.tld/bar/*) or subdomain (like retail.example.tld and wholesale.example.tld). The key here is that, in either approach, you can't have a cookie being set "higher". Like you can't have example.tld/* and example.tld/foo/*.

    In your case, my thoughts are:
    1. Instead of forcing www.example.tld to redirect to example.tld, do it the other way. So your retail customers and Foxy store would be at www.example.tld, and your wholesale would be at wholesale.example.tld. Note that you'd need to explicitly set the siteDomain value in the Foxy js config to prevent it from setting the cookie at .example.tld (because we'll assume that if you're at www.example.tld, you actually want the cookie at .example.tld).

    2. Instead of using wholesale as a subdomain, move your example.tld site to example.tld/retail/*, and move your wholesale.example.tld to example.tld/wholesale/*

    3. Move the wholesale site to a completely different domain, like example-wholesale.tld or something.

    Of those, the first option seems like the easier approach. #3 might also be doable, depending on how your system's set up. #2 would work my assumption is that it'd be more difficult, though I could be totally wrong there.

    Does that make sense? Thoughts?
  • @brett, thank you for the response. I have a question. In the first solution you proposed, you said:
    you'd need to explicitly set the siteDomain value in the Foxy js config to prevent it from setting the cookie at .example.tld
    How exactly do I go about doing that part?
  • @brett, you can disregard my question. We are going to go with solution #3 instead.
  • brettbrett FoxyCart Team
    @Geoffrey sounds good. Definitely let us know if we an help.
Sign In or Register to comment.