Hokuto ShinKen Posted March 18, 2024 Share Posted March 18, 2024 Hi all, I have a problem that started more or less recently with my shop www.staring.es Customers using Firefox based browsers on all OS platforms (Firefox stable, nightly, Tor browser, OSX, Windows, Linux) cannot buy. If they add a product to the cart, and start the checkout process, at some point, the cart will turn empty. It does not happens with other browsers like Chrome, Edge or Safari. Video is attached in order to better see what is going on. Another very very strange thing: few days ago I duplicated the website to dev.staring.es ... and there the problem doesn't occur at all ... 🥲 Any help, clue is welcome (I tried to find on internet similar issues but had no luck). PS version 1.7.8.11 PHP 7.4.33 on uptodate server cart is emptied.mov Link to comment Share on other sites More sharing options...
Nickz Posted March 18, 2024 Share Posted March 18, 2024 On 3/18/2024 at 8:31 PM, Hokuto ShinKen said: I have a problem that started more or less recently with my shop www.staring.es Customers using Firefox based browsers on all OS platforms (Firefox stable, nightly, Tor browser, OSX, Windows, Linux) cannot buy. Expand Did you do something? Any module update, php version, theme change? Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 19, 2024 Author Share Posted March 19, 2024 The thing is that I did more or less in the timeframe PHP minor update I guess, some OS updates or so, no theme update no major module update. And let pay attention to the thing that on my development platform I have not this problem (dev.staring.es and www.staring.es are purely exactly setup the same beside the domain name). Thanks Link to comment Share on other sites More sharing options...
Nickz Posted March 19, 2024 Share Posted March 19, 2024 Those minor updates etc. where done on both platforms? Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 19, 2024 Author Share Posted March 19, 2024 On 3/19/2024 at 3:59 PM, Nickz said: Those minor updates etc. where done on both platforms? Expand Yes, on both. What I did was taking the PROD platform from a state X, duplicated the server (cloning), imported DB files from server PROD to DEV, and the same for public_html files. Used the sed command to substitute all instances of www.staring.es by dev.staring.es from DB dump file and public_html files. Imported the DB dump file to the DEV DB. Then dev.staring.es was up and running and I was able to simulate purchase without facing cart being emptied as I face I PROD server. PROD and DEV are exactly the same from OS versions, packages rpm, up to Prestashop version and module versions. But just in case when I have a moment in a couple of hours I will replicate again the server´s cloning to a dev2.staring.es just to be sure. But I am 99,9999% confident PROD and DEV are the same except the domain name. Thanks Link to comment Share on other sites More sharing options...
Andrei H Posted March 19, 2024 Share Posted March 19, 2024 Hello, This might be related to the SameSite cookie attribute. In order to rule my theory out, can you try and do the following: Go to Admin -> Advanced Parameters -> Administration and in the General section, set Cookie SameSite to None (also, remember the current value - might be Lax). Save and clear the cache then try the payment flow in Firefox again. Please do these steps in the testing website first, just to make sure it doesn't break anything. Once you are done testing, please change that value back to the initial one. Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 19, 2024 Author Share Posted March 19, 2024 On 3/19/2024 at 5:53 PM, Andrei H said: Hello, This might be related to the SameSite cookie attribute. In order to rule my theory out, can you try and do the following: Go to Admin -> Advanced Parameters -> Administration and in the General section, set Cookie SameSite to None (also, remember the current value - might be Lax). Save and clear the cache then try the payment flow in Firefox again. Please do these steps in the testing website first, just to make sure it doesn't break anything. Once you are done testing, please change that value back to the initial one. Expand Hi all and @Andrei H, So I did what. you recommended, and it WORKED !!! Still I do not know why in DEV it works while the the cookies are setup in Lax. So so far, in PROD, cookies are in None. I imagine that I should leave it like this. Not sure if there are some secuirty implication (I am reading now about this). It is completely crazy still. Thanks @Andrei H and everyone, for having paied attention to my none obvious problem. Link to comment Share on other sites More sharing options...
Andrei H Posted March 19, 2024 Share Posted March 19, 2024 Hello, The SameSite attribute does add a layer of security to your website that will protect against CSRF attacks. I would actually recommend trying to find out the actual cause of this issue then try to see if it's possible to fix it. Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 19, 2024 Author Share Posted March 19, 2024 On 3/19/2024 at 7:12 PM, Andrei H said: Hello, The SameSite attribute does add a layer of security to your website that will protect against CSRF attacks. I would actually recommend trying to find out the actual cause of this issue then try to see if it's possible to fix it. Expand Hi @Andrei H and all, Yes I understand then. Thanks for your support and explainations. And yes, troubleshooting where the issue comes from is the next step since I do not want to lower security. Thanks a lot! Link to comment Share on other sites More sharing options...
Andrei H Posted March 19, 2024 Share Posted March 19, 2024 Hello, Just a tip that might be helpful here. You should try and see if there is any module that tries to open your website in an iframe during this checkout process, as that could be the reason behind that issue. Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 19, 2024 Author Share Posted March 19, 2024 On 3/19/2024 at 8:04 PM, Andrei H said: Hello, Just a tip that might be helpful here. You should try and see if there is any module that tries to open your website in an iframe during this checkout process, as that could be the reason behind that issue. Expand Okidoki thanks! Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 19, 2024 Author Share Posted March 19, 2024 On 3/19/2024 at 8:32 PM, Hokuto ShinKen said: Okidoki thanks! Expand Hi @Andrei H and all, No iframe spotted so far. But I thing I remember I did more or less recently have that setup the website to enforce HTTP Strict Transport Security (HSTS). This is the only thing I remember which is cookie related that I changed and that might had some impact. But still it is difficult to think this caused the problem I faced with cookie Lax/none in PROD while in DEV, no issue at all. Thanks again @Andrei H Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 20, 2024 Author Share Posted March 20, 2024 Hi @Andrei H and everyone, So far thanks to Andrei a workaround has been found (set SameSite to none). The underlying problem has not been spotted. And I was wondering if whether I should switch the ticket to "SOLVED" or not. Thanks Link to comment Share on other sites More sharing options...
Hokuto ShinKen Posted March 27, 2024 Author Share Posted March 27, 2024 Well, News here ... Just in case I switched back the Lax for Prestashop cookie as curiosity. And magically, after testing I saw that the checkout process was working fine ... (this is a postergeist case for sure). So we might not know what was the underlying problem, but still I will close this as "fixed", even if I do not like the fact that I do not know what was the problem. Thanks to all for your contribution and support.@Andrei H , @Nickz PS: I am trying to find the way to label in the title of the ticket the work "FIXED" or "SOLVED" , or a way to mark this as closed but I cannot find, please could someone help? Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now