[SOLVED] Conflicting cookies - can't login or add to cart

[LmanCZ]

Hello everyone,

 

I recently added SSL encryption to our site using Let's encrypt on Linux/Apache server we use for hosting. Everything seems to be working fine. But.

 

For some users, login and add to cart is not working. When you try to log in, the login page simply refreshes and nothing happens. When you provide invalid login and/or password, error appears. Also once you click "add to cart" you get a confirmation "product added to your cart", if you add another, you still have only one product in cart. When you go to the cart page, it shows the cart is empty.

 

https://www.mysite.com or https://mysite.com) when you access the page through http:// or just address (www.)mysite.com it will set different cookies and you can't login.

 

There are two identical cookies set from domain www.nanowax.cz and nanowax.cz and that is I believe the problem.

 

I believe the problem might be in BO settings SEO&URL -> domain and ssl domain which is both set to "www.nanowax.cz". I didn't want to change those values as I might break something completely and I am not the one who was setting up the shop. I also get a warning when I login into BO in the dashboard : "You are connected with domain name nanowax.cz That is different from what is set in SEO&URL..."

 

Any help is appreciated as this might turn out to be a big problem...What do I need to change in order to fix this. Also is there a way how to force "flushing" the cookies on client's side as I won't be able to tell all of our customer "hey just delete your cookies"

 

Prestashop version : 1.6.0.8

website : nanowax.cz - access through different URLs to reproduce the issue.

Edited July 31, 2017 by LmanCZ (see edit history)

[Scully]

WWW or non-WWW safe to different cookies. The same is the case for HTTP or HTTPS.

 

Make sure your shop only allows one URL.

 

Flushing cookies can be achieved by the

Front office cookie lifetime setting. Choose a low value for some days.

Edited July 26, 2017 by Scully (see edit history)

[LmanCZ]

Thank you Scully for your reply,

 

When I try to access the shop through all four different options (http://domain.com, http://www.domain.com, https://domain.com, https://www.domain.com) it is all redirected to https://www.domain.com but cookies are set for .domain.com when you try to access it as http://domain.com

 

Would this solve the issue?

 

RewriteEngine on

RewriteCond %{HTTP_HOST} ^nanowax.cz [NC]

RewriteRule ^(.*)$ https://www.nanowax.cz/$1 [L,R=301]

[Scully]

With just a quick view, the redirect looks good. Test it before making your final decision.

Also test the backoffice login!

[LmanCZ]

Just an update, the redirect seems to have solved the issue. Thank you for the help.

[Scully]

You're welcome. Please add "SOLVED" to the topic title. You can do so by clicking on "More Reply Options".