Anonymous Cookie lost between http and https

[hacrodrigues]

Hi guys, has anyone ever came across this issue with AbleCommerce?

I have SSL on and a set of pages and directories configured on the ssl.config file. Everything works fine except the fact that I keep getting a new anonymous cookie (AC7.ASPXANONYMOUS) and that causes the loss of anything on the basket.

I've read dozens of sites (forums, blogs, etc) and tried so many things that I'm getting desperate.

I have this on the web.config

Code: Select all

<httpCookies domain="www.aki.pt" httpOnlyCookies="false" requireSSL="false" />

As well as this:

Code: Select all

<asp><session keepSessionIdSecure="false" /></asp>

And I also checked the "New ID On Secure Connection" attribute on IIS to false.

Nothing seems to be working.

[Katie]

What version are you using? I've never seen this reported by any customer and your site looks very customized. The URL's seem to have some kind of session id in them which must be something you've added ??

e.g. ArmarioTela-P18608.aspx#.VhWjMPlRax0

What I would suggest is setting up a secondary development site using a stock version of AbleCommerce. Make the changes to your ssl.config file without all the customizations and see if that works. I don't believe this is an issue with AbleCommerce software. I know that doesn't help much, but trying to troubleshoot an issue like this means taking back your customizations and trying to figure out which one is causing the issue.

Thanks,
Katie

[hacrodrigues]

Hi Katie and thanks so much for the time you took answering my post.

I'm using Ablecommerce 7.0.8.

It is quite true that my site is extremely customized but isn't cookies and anonymous session handling something that is entirely on asp .Net's responsibility? I'm quite positive that nowhere on my site there's code to overwrite session and/or cookie handling.

The characters at the end of the url is something that an addThis plugin gets in the url client side (javascript) but we took it out.

I've compared web.config and global.asax files from our version to a brand new stock version of ablecommerce and there are no differences. I've also searched my entire site for expressions like 'cookies', 'AC7.', 'ANONYMOUS', 'Session' and there no results were found.

Any known issues with IIS 7.0?

Regards.
Hugo Rodrigues

[Katie]

Hello Hugo,

I wanted to point out that I can add an item to the shopping cart, but when I access other pages, the basket is emptied. I'm not switching between HTTP and HTTPS, so I don't think that is the problem.

I spent a few minutes trying to figure out which pages were dropping the basket items, and if I stay within the AbleCommerce product and category pages, the session is held and the basket contents remain. However, there are other pages that, when accessed, are dropping the basket items. An example of one of these pages has this in the URL -

?tabid=87&langid=pt&path=Home/E-tempo-de/Arrumar-o-Espaco-Exterior/

It seems to be items within the "E tempo de" menu....and perhaps other areas. Do you have a mix of AbleCommerce and non-AbleCommerce pages?

[hacrodrigues]

Hi Katie, yes, we have several non-ablecommerce pages. Is that a problem?

I'll take a look at the code from those non-ablecommerce pages to see if I can find something that may be causing this issue.

If you have any more ideas...everything is welcomed

Thanks again for your help.

[Katie]

I believe this is where the session is lost. I'm not a developer, so this is my best guess...the session handling should be coming from the web.config in the root folder. Now, I would think that any asp.net file within the AbleCommerce directory structure would inherit the settings from web.config.

Again, I am not an expert coder but I think that the issue is narrowed down to these non-ablecommerce pages.