Could not validate nonce, when customer logged in

We have a sixth failure. Customer contacted us saying the spinner kept going and never completed. Customer was logged in. Unknown whether customer logged out before getting the transaction to complete. However, the logs do not show a nonce failure in this case.

Similar problem noted:
https://www.freelancer.com/projects/wordpress/woocommerce-checkout-spinning-multisite

HI @madriverweb

Thanks for reaching out!

Can you please share what payment gateway was used for these failed orders?

Additionally, I’d like to understand your site properly, please share your System Status Report that you can find via WooCommerce > Status. Select Get system report and then Copy for support. Once you’ve done that, you can paste it into your reply here.

If you could also provide the fatal error logs (if any) under WooCommerce > Status > Logs.

The response to the ticket I submitted, https://woocommerce.com/my-account/create-a-ticket/?select=5819284, is unrealistic as most are in suggesting that we can switch themes and disable all other plugins or spend the time setting up a staging site.

A conflict is an error or malfunction caused by two parts of code giving conflicting signals. For example, plugin A gives the signal to put the order in “Completed” status and plugin B prevents this from happening.

Themes and plugins provide additional functionality and features — it also means more code is running on your website and the risk of incompatibility is higher. We strive to ensure compatibility with our own extensions, but third-party products made for WooCommerce are not guaranteed to work with our software. In this documentation page, we will explain how to test for plugin and theme conflicts.

Hence, this is the first step to troubleshooting your site. You can read more about How to Test for Plugin and Theme Conflicts.

Hope this helps!

Thank you very much for the response. We are using WooCommerce PayPal Payments version 2.0.1.

I also forgot to note that I am NOT able to duplicate the problem when logged in as a customer, so it seems moot to disable themes and plugins.

There are no fatal error logs. When customers have had problems, the logs either show 1) CHECKOUT.ORDER.APPROVED but no payment completion, or 2) ERROR Order creation failed: Could not validate nonce.

I will be happy to attach some logs as well.

WordPress Environment

WordPress address (URL): https://www.faystonforager.com
Site address (URL): https://www.faystonforager.com
WC Version: 7.2.0
REST API Version: ?</img> 7.2.0
WC Blocks Version: ?</img> 8.9.2
Action Scheduler Version: ?</img> 3.4.0
Log Directory Writable: ?</img>
WP Version: 6.1.1
WP Multisite: ?</img>
WP Memory Limit: 512 MB
WP Debug Mode: –
WP Cron: ?</img>
Language: en_US
External object cache: –

Server Environment

Server Info: Apache
PHP Version: 8.0.25
PHP Post Max Size: 100 MB
PHP Time Limit: 3600
PHP Max Input Vars: 10000
cURL Version: 7.74.0
OpenSSL/1.1.1n

SUHOSIN Installed: –
MySQL Version: 5.7.39-42-log
Max Upload Size: 18 MB
Default Timezone is UTC: ?</img>
fsockopen/cURL: ?</img>
SoapClient: ?</img>
DOMDocument: ?</img>
GZip: ?</img>
Multibyte String: ?</img>
Remote Post: ?</img>
Remote Get: ?</img>

Database

WC Database Version: 7.2.0
WC Database Prefix: wp_4_
Total Database Size: 38.83MB
Database Data Size: 25.64MB
Database Index Size: 13.19MB
wp_4_woocommerce_sessions: Data: 0.05MB + Index: 0.02MB + Engine InnoDB
wp_4_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_4_woocommerce_order_items: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_woocommerce_order_itemmeta: Data: 0.09MB + Index: 0.09MB + Engine InnoDB
wp_4_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_4_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_4_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_4_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_actionscheduler_actions: Data: 0.08MB + Index: 0.13MB + Engine InnoDB
wp_4_actionscheduler_claims: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_actionscheduler_groups: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_actionscheduler_logs: Data: 0.06MB + Index: 0.03MB + Engine InnoDB
wp_4_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_comments: Data: 0.08MB + Index: 0.09MB + Engine InnoDB
wp_4_feedmanager_channel: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_feedmanager_country: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_feedmanager_feed_status: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_feedmanager_field_categories: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_4_feedmanager_product_feed: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_feedmanager_product_feedmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_feedmanager_source: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_options: Data: 3.09MB + Index: 0.06MB + Engine InnoDB
wp_4_postmeta: Data: 1.52MB + Index: 0.39MB + Engine InnoDB
wp_4_posts: Data: 0.28MB + Index: 0.06MB + Engine InnoDB
wp_4_simple_history: Data: 5.02MB + Index: 1.83MB + Engine InnoDB
wp_4_simple_history_contexts: Data: 14.02MB + Index: 9.03MB + Engine InnoDB
wp_4_termmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_terms: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_term_relationships: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_term_taxonomy: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_wcpdf_invoice_number: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_4_wc_admin_notes: Data: 0.06MB + Index: 0.00MB + Engine InnoDB
wp_4_wc_admin_note_actions: Data: 0.05MB + Index: 0.02MB + Engine InnoDB
wp_4_wc_category_lookup: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_4_wc_customer_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_wc_order_coupon_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_wc_order_product_lookup: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_4_wc_order_stats: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
wp_4_wc_order_tax_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_4_wc_product_attributes_lookup: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_wc_product_download_directories: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
wp_4_wc_rate_limits: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_wc_reserved_stock: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
wp_4_wc_tax_rate_classes: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_4_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_blogmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_blogs: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
wp_registration_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_signups: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
wp_site: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
wp_sitemeta: Data: 0.19MB + Index: 0.03MB + Engine InnoDB
wp_usermeta: Data: 0.09MB + Index: 0.09MB + Engine InnoDB
wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB

Post Type Counts

attachment: 52
custom_css: 1
customize_changeset: 4
mc4wp-form: 1
nav_menu_item: 6
page: 14
post: 20
product: 6
product_variation: 20
revision: 2
shop_coupon: 10
shop_order: 226
shop_order_refund: 13
wp_global_styles: 1

Security

Secure connection (HTTPS): ?</img>
Hide errors from visitors: ?</img>

Active Plugins (17)

Classic Editor: by WordPress Contributors – 1.6.2
Genesis Blocks: by StudioPress – 1.5.3
Genesis Connect for WooCommerce: by StudioPress – 1.1.1
Google Analytics for WordPress by MonsterInsights: by MonsterInsights – 8.11.0
Jetpack: by Automattic – 11.6
MC4WP: Mailchimp for WordPress: by ibericode – 4.8.12
Post Types Order: by Nsp Code – 1.9.9.2
Advanced Editor Tools (previously TinyMCE Advanced): by Automattic – 5.6.0
WP Menu Cart: by WP Overnight – 2.13.0
WooCommerce PayPal Payments: by WooCommerce – 2.0.1
PDF Invoices & Packing Slips for WooCommerce: by WP Overnight – 3.2.5
WooCommerce Shipping & Tax: by WooCommerce – 2.1.0
WooCommerce: by Automattic – 7.2.0 (update to version 7.2.2 is available)
WP Font Awesome: by Zayed Baloch – 1.7.8
WPFront Scroll Top: by Syam Mohan – 2.0.7.08086
Multisite Enhancements: by Frank Bültge – 1.6.1
Simple History: by P?r Thernstr?m – 3.3.1

Inactive Plugins (39)

Advanced Custom Fields: by WP Engine – 6.0.6
Blox Lite - Content Blocks for Genesis: by Nick Diego – 1.2.8
CoBlocks: by GoDaddy – 2.25.3
Contact Form 7: by Takayuki Miyoshi – 5.7
Custom Post Type UI: by WebDevStudios – 1.13.2
Disable Comments: by WPDeveloper – 2.4.2
Flexible Shipping: by Octolize – 4.18.0
Genesis Featured Widget Amplified: by Nick_theGeek – 0.9.2
Genesis Portfolio Pro: by StudioPress – 1.2.3
Genesis Simple Hooks: by StudioPress – 2.3.0
Genesis Simple Share: by StudioPress – 1.1.5
Genesis Simple Sidebars: by StudioPress – 2.2.2
Genesis Visual Hook Guide: by Christopher Cochran – 1.0.0
Honeypot for Contact Form 7: by Nocean – 2.1.1
Icon Widget: by SEO Themes – 1.2.6
MetaSlider: by MetaSlider – 3.28.0
Ninja Forms: by Saturday Drive – 3.6.14
Permissions Editor for Ninja Forms: by Rapid Web Ltd – 1.2.1
Post Status Notifications: by DraftPress – 3.1.9
Product Feed PRO for WooCommerce: by AdTribes.io – 12.0.9
Really Simple CAPTCHA: by Takayuki Miyoshi – 2.1
Simple 301 Redirects: by WPDeveloper – 2.0.7
Simple Page Ordering: by Jake Goldman
10up – 2.4.3

Simple Social Icons: by StudioPress – 3.1.1
Smash Balloon Instagram Feed: by Smash Balloon – 6.1
The Events Calendar: by The Events Calendar – 6.0.6.1
Variation Swatches for WooCommerce: by Emran Ahmed – 2.0.16
Widget Importer & Exporter: by ChurchThemes.com – 1.6
WooCommerce Admin: by WooCommerce – 3.3.2
WooCommerce Amazon Pay: by WooCommerce – 2.3.0
WooCommerce Blocks: by Automattic – 9.1.1
WooCommerce Google Analytics Integration: by WooCommerce – 1.5.18
WooCommerce Payments: by Automattic – 5.1.2 (update to version 5.2.1 is available)
WooCommerce PayPal Checkout Gateway: by WooCommerce – 2.1.3
WooCommerce Product Type Column: by WooCommerce – 1.0.0
WooCommerce Square: by WooCommerce – 3.4.1 (update to version 3.4.2 is available)
WooCommerce Stripe Gateway: by WooCommerce – 7.0.1
WooCommerce Weight Based Shipping: by weightbasedshipping.com – 5.4.0
WP Product Feed Manager: by Michel Jongbloed – 1.45.0

Dropin Plugins (1)

advanced-cache.php: advanced-cache.php

Must Use Plugins (5)

Force Strong Passwords - WPE Edition: by Jason Cosper – 1.8.0
WP Engine Cache Plugin: by WP Engine – 1.1.0
WP Engine Seamless Login Plugin: by WP Engine – 1.6.0
WP Engine Security Auditor: by wpengine – 1.0.10
WP Engine System: by WP Engine – 5.0.1

Settings

API Enabled: –
Force SSL: ?</img>
Currency: USD ($)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
Taxonomies: Product Types: external (external)
grouped (grouped)
simple (simple)
variable (variable)

Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)
exclude-from-search (exclude-from-search)
featured (featured)
outofstock (outofstock)
rated-1 (rated-1)
rated-2 (rated-2)
rated-3 (rated-3)
rated-4 (rated-4)
rated-5 (rated-5)

Connected to WooCommerce.com: ?</img>
Enforce Approved Product Download Directories: –
Order datastore: WC_Order_Data_Store_CPT

WC Pages

Shop base: #100 - /shop/
Cart: #101 - /cart/
Checkout: #103 - /checkout/
My account: #104 - /my-account/
Terms and conditions: #105 - /terms-and-conditions/

Theme

Name: Fayston Forager
Version: 1.1.4
Author URL: https://www.studiopress.com/
Child Theme: ?</img>
Parent Theme Name: Genesis
Parent Theme Version: 3.4.0
Parent Theme Author URL: https://www.studiopress.com/
WooCommerce Support: ?</img>

Templates

Overrides: –

WooCommerce PayPal Payments

Onboarded: ?</img>
Shop country code: US
WooCommerce currency supported: ?</img>
Advanced Card Processing available in country: ?</img>
Pay Later messaging available in country: ?</img>
Webhook status: ?</img>
Vault enabled: ?</img>
Logging enabled: ?</img>
Reference Transactions: –
Used PayPal Checkout plugin: ?</img>
Tracking enabled: –

Admin

Enabled Features: activity-panels
analytics
coupons
customer-effort-score-tracks
experimental-products-task
experimental-import-products-task
experimental-fashion-sample-products
shipping-smart-defaults
shipping-setting-tour
homescreen
marketing
multichannel-marketing
mobile-app-banner
navigation
onboarding
onboarding-tasks
remote-inbox-notifications
remote-free-extensions
payment-gateway-suggestions
shipping-label-banner
subscriptions
store-alerts
transient-notices
woo-mobile-welcome
wc-pay-promotion
wc-pay-welcome-page

Disabled Features: minified-js
new-product-management-experience
settings

Daily Cron: ?</img> Next scheduled: 2022-12-30 22:04:29 -05:00
Options: ?</img>
Notes: 114
Onboarding: completed

Action Scheduler

Complete: 130
Oldest: 2022-11-29 11:40:50 -0500
Newest: 2022-12-30 11:17:21 -0500

Pending: 1
Oldest: 2022-12-31 04:51:37 -0500
Newest: 2022-12-31 04:51:37 -0500

Status report information

Generated at: 2022-12-30 11:37:28 -05:00
`

@xue28, I really shouldn’t attach logs as they contain customer information. Can you provide an email address so I can send you a login invite?

Hello @madriverweb,

You can attach it and remove any sensitive information, but I recommend going with the conflict test regardless. A failed nonce validation is most likely related to a plugin conflict as you can see here.

Make sure to have your host disable these plugins when conflict testing.

Force Strong Passwords - WPE Edition: by Jason Cosper – 1.8.0
WP Engine Cache Plugin: by WP Engine – 1.1.0
WP Engine Seamless Login Plugin: by WP Engine – 1.6.0
WP Engine Security Auditor: by wpengine – 1.0.10
WP Engine System: by WP Engine – 5.0.1

Let us know how it goes!

It is unrealistic for a small business to be able to spend the time troubleshooting these types of problems. After setting up another non-admin user, I was finally able to duplicate the problem. It is impossible to clear the fields on the checkout page when logged in; two spinners at the bottom keep spinning. If I click PayPal, I get scrolled to the top of the page and am presented with a nonce error, could not validate none. If I try to go back to the Cart page, the product is no longer in the cart because the nonce failed. I think there was a time when I could go back to the Cart page and checkout there, if I hadn’t already clicked the PayPal link on the Checkout page. It has also been problematic to logout; it keeps going back to the “is this you” panel.

I deactivated a few non-essential plugins, did some testing, but to no avail.

Our solution is sadly to disable logins since we can no longer get that functionality to work. We also had WPEngine (the host) exclude caching on the checkout page.

I would have hoped for someone in your organization to have reviewed our system report and said “I’ve seen this before and it is caused by X plugin or a certain platform update.”

So, this is NOT resolved, please do not mark it as resolved.

Hello @madriverweb,

I understand your frustration but if we fail to reproduce the issue then it’s most likely caused by a conflict. Also, threads are set to solved automatically when you no don’t respond to us for a certain time.

That said, let’s try something different. Have you tried test ordering with cash on delivery or other payment methods?

Also, WPEngine is known to have a script that ends any task taking more than 60 seconds on multi-site configurations. Can you please ask them to disable it temporarily?

Let us know how it goes!