Developer forum

Forum » Development » Critical issue with cart cookie

Critical issue with cart cookie

E-mail notifications
Anders Ebdrup
Anders Ebdrup
Reply
Posted on 31/08/2018 11:35:38

Hi Dynamicweb,

 

We have an issue with lost carts in 9.4 and it seems to be caused by the cart reference saved in cookies.

In the method: SaveCartCookie the value is encrypted:

 

                Dim crypto As New Crypto(SymmProvEnum.Rijndael)
                Dim encryptedCookieValue As String = Crypto.Encrypt(cart.Id & "")
                CookieManager.SetCookie(cookieName, encryptedCookieValue, DateAdd(DateInterval.Day, expire, Now))

 

But in LoadCart() the value is fetched without decrypting:

                        Dim cookieUserKey As String = Common.Context.ConvertKeyToCartContextAwareKey(cookieKey & user.ID)
                        If request.Cookies(cookieUserKey) IsNot Nothing Then
                            cart = Ecommerce.Services.Orders.GetOrder(Converter.ToString(request.Cookies(cookieUserKey).Value))
                        End If


I hope you can have a look on this issue in the 9.4-branch?

 

Best regards, Anders


Replies

 
Nicolai Pedersen
Posted on 31/08/2018 15:12:37
Reply

Hi Anders

I've send this to QA for verification and fixing.

Sorry about the inconvenience!

Have a nice weekend, Nicolai

 
Oleg Rodionov Dynamicweb Employee
Oleg Rodionov
Posted on 03/09/2018 05:47:33
Reply

Hi  all,

Anders, I've tried to reproduce the issue with the scenario:

1. Set Settigns-Ecomm-AC-Shopping Cart-'Saved for later valod time' = e.g. 5;

2. Open frontend by anonimous;

3. Add some product to shopping cart, check cookies - note Dynamicweb:Ecom:Cart is available and has value (OK);

4. Reset IIS pool of the solution, refresh the cart frontend - the cart is empty, Dynamicweb:Ecom:Cart does not have any value (FAIL)

The issue is reproduced on DW95 but not on last DW9.4.18 so, please confirm that your case fully follows mine or describe your one otherwise. Thanks in advance.

BR, Oleg QA

 

 

 

 
Anders Ebdrup
Anders Ebdrup
Posted on 03/09/2018 09:32:01
Reply

Hi Oleg,

 

I do not know the exact steps to reproduce, but the issue seems pretty obvious then looking at this screen shot: https://www.screencast.com/t/bZJN2QfUeRAt compared with the code.

We are using:  9.4.15.

 

Do you need more info from me?

 

Best regards, Anders

 

 
Oleg Rodionov Dynamicweb Employee
Oleg Rodionov
Posted on 04/09/2018 05:37:28
Reply

Anders,

Could you please attach screenshot of 'Settings-Ecomm-AC-Shopping cart' of your solution. It's very bad that you don't know exact scenario. I've tried to check various scenarios use carts have context/without for several frontent users as per your last dump. I cannot catch the issue on DW9.4.15 as well. 

BR, Oleg QA  

 
Anders Ebdrup
Anders Ebdrup
Posted on 04/09/2018 14:39:32
Reply

Hi Oleg,

 

We have trouble reproducing the issue as well, but when troubleshooting the clients we see the same issue every time with the last carts. And from a code perspective you have one case where the cookie value is not decrypted.

Please see our settings here: https://www.screencast.com/t/1JXI1VGc4zT

 

Best regards, Anders

 
Dmitriy Benyuk Dynamicweb Employee
Dmitriy Benyuk
Posted on 05/09/2018 10:45:57
Reply

Hi Anders,
that is a bug. TFS# 54483 is created to fix that.
Regards, Dmitrij

 
Anders Ebdrup
Anders Ebdrup
Posted on 05/09/2018 10:47:34
Reply

Sounds great, thank you! Will it be fixed in the 9.4-branch?

Best regards, Anders

 
Anders Ebdrup
Anders Ebdrup
Posted on 13/09/2018 10:08:30
Reply

Hi Dynamicweb,

 

When do you think this will be fixed? Can it be done in the 9.4-branch?

 

Best regards, Anders

 
Dmitriy Benyuk Dynamicweb Employee
Dmitriy Benyuk
Posted on 13/09/2018 10:13:51
Reply

Hi Anders,
it will be available in the next 9.4 hotifx but if you want it now you can try to update it manually using the Dynamicweb.Ecommerce 1.4.81 version.
Regards, Dmitrij

 
Anders Ebdrup
Anders Ebdrup
Posted on 19/09/2018 12:06:40
Reply

Hi Dmitrij,

 

Is this fix added to v9.5.1?

 

Best regards, Anders

 
Dmitriy Benyuk Dynamicweb Employee
Dmitriy Benyuk
Posted on 20/09/2018 08:29:35
Reply

Hi Anders,
yes, it should be there, it was added in the Dynamicweb.Ecommerce 1.5.2 version.
Regards, Dmitrij

 
Anders Ebdrup
Anders Ebdrup
Posted on 27/09/2018 19:41:53
Reply

Hi Dmitrij,

 

Will this issue be fixed in v9.4 as well?

 

Best regards, Anders

 
Dmitriy Benyuk Dynamicweb Employee
Dmitriy Benyuk
Posted on 27/09/2018 20:39:15
Reply

Hi Anders,
yes, should be already fixed in Dynamicweb.Ecommerce 1.4.81 and later.
Regards, Dmitrij

 
Kristian Kirkholt Dynamicweb Employee
Kristian Kirkholt
Posted on 25/10/2018 10:16:07
Reply
This post has been marked as an answer

Hi Anders

Yes this is fixed in 9.4.20 version

Package: 1.4.81 and later

To upgrade please choose this version here:

http://doc.dynamicweb.com/releases-and-downloads/releases

Let me know if you need any more help regarding this

Kind Regards
Dynamicweb Support
Kristian Kirkholt

Votes for this answer: 1

 

You must be logged in to post in the forum