Problem with sessions and nonces
Hi,
We had quite a serious problem with our installation that sometimes prevented users from going through the checkout process. It happened quite randomly and was hard to fix, but eventually our programmer found the problem. Here’s what he told me, so that you can maybe check what’s going on and, if it’s related to the WooCommerce core, fix it:
Forced WC session to be created as soon as a user arrives at the checkout page so that a customer id is connected with the user. This customer id is used when creating a unique nonce for each anonymous, logged-out user.
- files involved:
  - “/wp-content/plugins/woocommerce/includes/class-wc-frontend-scripts.php”
  - “/wp-content/plugins/woocommerce-one-page-checkout/woocommerce-one-page-checkout.php”
- code used to force wc_session cookie creation:
      WC()->session->set_customer_session_cookie(true);
- related code (from “class-wc-session-handler.php”):
      public function nonce_user_logged_out( $uid ) {
          return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid;
      }

The above function, which helps decide the user id part of the nonce generated, caused the problem. When the user arrived at the checkout page they didn’t have a session, so the anonymous user’s default $uid of 0 was returned from this function. Shortly after, a session would be created and they would be given a “_customer_id”. This causes a nonce to be generated for checks & verification (see the “wp_verify_nonce” function) that differs from the one created when the user first entered the page. The solution was to make sure the user has a “_customer_id” as soon as they arrive at the page, so there will never be mismatched nonces.

Just wanted to share this with you guys!
Cheers,
Bastien
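
The ordering problem described in the post can be reproduced outside WordPress with a small model. This is an added example, not part of the original post and not WooCommerce code: `ModelSession`, `model_create_nonce()`, `model_verify_nonce()`, the salt and the action name are constructed stand-ins, and the nonce formula is a simplified version of `wp_create_nonce()` (one tick only, empty session token).

```php
<?php
// Constructed salt; WordPress takes the real one from wp-config.php.
const MODEL_SALT = 'constructed-nonce-salt';

class ModelSession {
    private $customer_id = null; // null = no session cookie issued yet

    public function has_session(): bool {
        return $this->customer_id !== null;
    }

    // Stand-in for WC()->session->set_customer_session_cookie( true ).
    public function start(): void {
        if ( $this->customer_id === null ) {
            $this->customer_id = bin2hex( random_bytes( 16 ) );
        }
    }

    // Same decision as nonce_user_logged_out() quoted in the post.
    public function nonce_user_logged_out( $uid ) {
        return $this->has_session() && $this->customer_id ? $this->customer_id : $uid;
    }
}

// Simplified wp_create_nonce(): HMAC over tick|action|uid|token, 10 chars kept.
function model_create_nonce( ModelSession $s, string $action, int $tick = 1 ): string {
    $uid = $s->nonce_user_logged_out( 0 ); // a logged-out visitor starts as uid 0
    return substr( hash_hmac( 'md5', "$tick|$action|$uid|", MODEL_SALT ), -12, 10 );
}

// Simplified wp_verify_nonce(): recompute with the current uid and compare.
function model_verify_nonce( ModelSession $s, string $nonce, string $action ): bool {
    return hash_equals( model_create_nonce( $s, $action ), $nonce );
}

$action = 'checkout-form'; // constructed action name

// Order described as failing: the form nonce is rendered while uid is still 0,
// then the session is created before the form is submitted.
$late  = new ModelSession();
$nonce = model_create_nonce( $late, $action );
$late->start();
var_dump( model_verify_nonce( $late, $nonce, $action ) );

// Order after the fix: the session exists before any nonce is rendered,
// so creation and verification both use the customer id.
$early = new ModelSession();
$early->start();
$nonce = model_create_nonce( $early, $action );
var_dump( model_verify_nonce( $early, $nonce, $action ) );
```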