Open domeglic opened 9 years ago
@domeglic I am facing the same issue which using a bitnami magento stack. Have you been able to resolve this?
No, I just stayed at my current way which is to update the form_key in an add to cart observer, which basically nulifies any security advantage, but I don't really see any other way.
I didn't work on it really since then, but this is what I would do: Solution 1:
Solution 2: Pass the request if the frontend cookie is missing. But this would lower the hit ratio.
@domeglic Thanks. Will try.
We recognized similiar problems. Many customers try to add items to cart, but will instead be redirected to the cart, which is empty. It seems, that the esi tag will not replaced every time, but we do not know when this exact happens. It is not reproducable for us, but customers are explaining about it.
So I looked into the code and saw, that the block cache for the form_key cookie is activated. Why is this so? In my opinion it doesn't make sense, because it might be cached with a specific form_key and many users will get the same form_key, which will not fit to the key in the session. For whatever reason it was also cached with the esi include tag, which can be a problem for some pages e.g. the customer login (because of https -> no esi).
It seems that deactivating the block cache in File app/code/community/Phoenix/VarnishCache/Block/Cookie/Formkey.php on line 26-28 worked for us, but I'm not sure. Would be nice, if someone can comfirm this or can explain, why the block has to be cached.
I'm facing the same issue with Magento 1.9.x, any new solution for this?
@Emulator000 Have you tried it with the latest module version and VCL? I should be solved now.
@PHOENIX-MEDIA I'm using the last module and VCL version (last commit 20 April) and I'm experiencing the same issue. I think is related to my comment here. Thank you for your support.
@PHOENIX-MEDIA i'm getting some issues ._. When the user click on "add to cart", are getting the empty cart page.... I've checked the cookies and codes.... The variable Mage.Cookies.get('PAGECACHE_FORMKEY') are correct but in the product "AddCartUrl" are showing another formekey...
Ex: Mage.Cookies.get('PAGECACHE_FORMKEY') "bEbfEXJDTqg07CKM"
And the button "Add To Cart" domain.com/checkout/cart/add/uenc/aHR0cDovL3d3dy5mcmV0dGFob21lY2VudGVyLmNvbS5ici8,/product/123/form_key/Ecz11JmfcfTESRV0/
The products are in the Home Page and use the Magento way to generate the AddToCartUrl.
Mage_Catalog_Block_Product_Abstract->getAddToCartUrl().
i've the last updated of the varnish module.... using varnish 4.1. (Bitnami Magento Stack).
any solution for this ?
I had an older version of this without formkey support and I "solved" it by removing the formkey check when adding to cart. Now I'm trying to update the module so that formkeys are properly handeled, but it won't work because the formkeys are not the same when the cart/add action checks it. How is it supposed to work, because If a user comes to a cached product page and adds it to cart. Varnish will generate a formkey and replace it via ESI, but magento will do the same. What am I missing? Edit: I'm using EE 1.14.0.1 but I've tried this on an empty Magento 1.9.2 with the same results.