Closed mathetos closed 5 years ago
@mathetos @DevinWalker @kevinwhoffman I've investigated this issue and created a video showing how I am able to reproduce it. I'm thinking that the scenario with which I've reproduced the issue is not ideal user behavior, as clicking on the back button and trying to donate without refreshing the page is not good. Please check the video for more information.
Video Link: https://www.useloom.com/share/73dc75248ccb42b398b2341f67f90097
Let me know your thoughts on this or if you have any different scenario to reproduce this issue.
@mehul0810 When I tested, I refreshed the page once I was on the donation page again. I think this user-flow is HIGHLY unlikely, but I think the fact that this happens suggests to me that something about our nonce check and error messaging is not quite accurate because I believe the nonce is actually still correct, but it's something about how Give is working with the cookies that is incorrect.
We have a customer reporting this error today, I'm asking them for exact replication steps: https://secure.helpscout.net/conversation/698817721/28396/
@mehul0810 assigning to you but please wait until we get reproducible steps from @mathetos before looking into this.
I got a duplicator file from the first user and was NOT able to replicate it locally at all. But then we got a second report from a user today (I added both HelpScout links in the OP). They pointed to their live page where you can see the problem just by switching to PayPal Standard. See here: https://www.learntherisk.org/donate/
If you can't see it anymore there, I've got a GIF:
I asked them to try using "Transients Manager" to remove their transients and test again. Additionally, @kevinwhoffman noticed a JS error on that form related to Fee Recovery, so I asked them to deactivate that IF the transients clearing didn't solve it.
I'll report back when I hear back from them, but for now something is definitely off but it's very difficult to replicate.
Here is the console error that appears after attempting to switch gateways in the site above. This doesn't necessarily mean Fee Recovery is the cause; it might just be the first script to encounter an error after the nonce failure.
@jaydeeprami Please move this to the top of your list since @mehul0810 is out the rest of this week. We do not have specific steps to replicate, but we have definitely seen an increase in nonce validation errors recently.
Also note the nonce validation error described in the original post might be different from the nonce error that appears on gateway change in https://github.com/impress-org/give/issues/3820#issuecomment-436070255. Try your best to uncover the cause and report back before you leave for the week. Thanks.
Two users confirmed that clearing Transients had no effect. One provided this stack trace from New Relic:
@kevinwhoffman,
I have tried many cases to reproduce this issue but was unable to do so. Below are the cases which I have tested without being able to reproduce the issue from my end.
1) Process a donation with a new donor, then click the browser back button without refreshing the page: still can't reproduce the issue.
2) Process a donation with a new donor, then clear the cookie and click the browser back button without refreshing the page: still can't reproduce the issue.
3) Logged-out user case:
   -> Create a donation, then click the browser back button and try to donate again without refreshing the page
   -> Create a donation, then click the browser back button, switch gateway, and try to donate again without refreshing the page
4) I have checked all of the above cases with options like Logged In, Logged Out, with the Login option enabled and with the Register + Login option enabled, but could not reproduce the issue.
5) Also, I have tested with the Fee Recovery, Recurring Donation and FFM add-ons but was not able to reproduce the issue.
6) I have also tried to reproduce the issue as Matt suggested but can't reproduce it.
Also, I have looked into the live site ( https://www.learntherisk.org/donate/ ) and found one thing which causes this issue on that site.
On Gateway load, we are passing the nonce in the gateway load AJAX action, but I have found that the nonce option is not passed in the Gateway load AJAX request. Please see my attached screenshot from that site.
I am not sure why it's not passed as I have checked it in Core file and we are passing.
We have already resolved that issue https://github.com/impress-org/give/issues/2580
It might be possible that the site is using an old version of Give.
Thanks @jaydeeprami for your research into this issue. Each of the customer sites that reported this had a variety of problems with caching or running the wrong version of Give. Here's a few examples:
While they all had a common reason, each was different in HOW it was happening, and thus made it hard to find the commonality.
Closing for now, good work team!
Reopening due to another possibly related report: https://wordpress.org/support/topic/paypal-standard-sometimes-works/
@ravinderk I'm assigning to you. Please use Give core version 2.3.0 and investigate this nonce issue. It seems to happen most frequently during payment gateway switches. Be sure to test all browsers.
This user got it resolved by resetting his VPN... so it always seems to get resolved in one way or another still, but I still believe there is a root issue that is causing this. wordpress.org/support/topic/paypal-standard-sometimes-works
@kevinwhoffman @mathetos I am able to reproduce this issue. A donor will get the failed nonce issue if the donation form page cache was generated when the donor was in session.
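The failure mode identified above, as an added example that is not Give's or WordPress's own code: a Python model of the WordPress nonce scheme (an HMAC over time tick, action, user ID and session token) in which a nonce baked into a cached page fails for a visitor in a different session. The salt, the action name `give-donation-form`, the session values and the toy page cache are assumptions made for illustration.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400               # WordPress default nonce lifetime (seconds)
SALT = b"constructed-site-salt"  # constructed stand-in for the site's nonce salt


def nonce_tick(now):
    # The lifetime is split into two half-life ticks.
    return math.ceil(now / (NONCE_LIFE / 2))


def _digest(tick, action, uid, token):
    msg = f"{tick}|{action}|{uid}|{token}".encode()
    # Same slice as PHP's substr($hash, -12, 10).
    return hmac.new(SALT, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, uid, token, now):
    return _digest(nonce_tick(now), action, uid, token)


def verify_nonce(nonce, action, uid, token, now):
    """Return 1 (current tick), 2 (previous tick) or 0 (invalid)."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_digest(t, action, uid, token), nonce):
            return age
    return 0


def serve_from_cache(cache, url, render):
    # Toy page cache: the first visitor's rendering is reused for everyone.
    if url not in cache:
        cache[url] = render()
    return cache[url]


def demo():
    action, t0, cache = "give-donation-form", 1_700_000_000, {}  # hypothetical action
    # Donor A (session "sess-A") triggers the render that ends up cached.
    page_a = serve_from_cache(cache, "/donate/", lambda: create_nonce(action, 0, "sess-A", t0))
    # Donor B is served the cached page, so the form carries A's nonce.
    page_b = serve_from_cache(cache, "/donate/", lambda: create_nonce(action, 0, "sess-B", t0))
    fresh_b = create_nonce(action, 0, "sess-B", t0 + 60)  # fetched uncached
    return {
        "a_submits": verify_nonce(page_a, action, 0, "sess-A", t0 + 60),
        "b_submits_cached": verify_nonce(page_b, action, 0, "sess-B", t0 + 60),
        "b_submits_fresh": verify_nonce(fresh_b, action, 0, "sess-B", t0 + 60),
        "a_cached_too_long": verify_nonce(page_a, action, 0, "sess-A", t0 + NONCE_LIFE + 60),
    }
```

The last case shows the second way a page cache breaks nonces: even for the original session, a page cached longer than the nonce lifetime carries a token from an expired tick.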
Bug Report
User Story
As a donor, I want to be able to donate multiple times. Currently, under just the right/wrong circumstances, I'll get a "nonce verification error" when I attempt to donate a second time.
Current Behavior
If a cookie gets cleared between two donations, then the second donation attempt always results in a "nonce verification error" and the user is reflected as logged-out regardless of whether they are logged in correctly or not.
Expected Behavior
A new session should be created between each donation attempt regardless of the donor's logged-in or logged-out state.
Bug Type
Steps to Reproduce
Possible Solution
THIS IS JUST MY BEST GUESS BASED ON THE BEHAVIOR: Ensure that when a donor attempts to donate a second time during the same session, that the old session is cleared correctly, and a new session is created.
Related
Acceptance Criteria
Environment