Closed mattcoz closed 6 years ago
I wrote a plugin to debug the parameters and result of the isAllowed function of PolicyInterface, here is what I got:
[2017-11-08 21:15:18] main.DEBUG: beforeIsAllowed: null, "self", null. [] []
[2017-11-08 21:15:18] main.DEBUG: afterIsAllowed: false. [] []
Does this help?
I've tried disabling all custom modules and third party modules, still get the same behavior.
@mattcoz, thank you for your report. We were not able to reproduce this issue by following the steps you provided. If you'd like to update it, please reopen the issue. We tested the issue on 2.3.0-dev, 2.1.10, 2.2.1
hi @mattcoz , could you fix the issue?
I'm getting back to this now, still get the same behavior after updating to 2.2.2
I extended my debugging and found that the current user is not being picked up in the user context, the user id is 0 and the user type is GUEST.
I think I fixed it, the session was getting screwed up in one line of my code that seemed to be completely unrelated. So you can leave this closed.
Hi @mattcoz - could you please provide an example of how your code was screwing up sessions? We're experiencing the same issue (from what I can see, there are others as well), so interested to see if this can be related to some part of 3rd party/custom code, as we have no errors logged anywhere, but customers get logged out constantly.
Hi @mattcoz - same problem here. could you help us please ? :smile:
I was calling session_start() before the bootstrap code in order to check a session variable. I think because the session was already initialized that Magento was bypassing some of its initialization code. I added a call to session_abort() after I was done with it and the problem went away.
Thanks Matt, that was very helpful.
It turned out to be an issue with one of the Mirasvit extensions (Rewards) that was checking/modifying sessions too early (on controller_action_predispatch event).
@sambolek we are having the same issue and we are using the Mirasvit Rewards module. The only controller_action_predispatch event I can find in the Mirasvit Module is in checkout_onepage_success. Could you please specify which file you edited?
I found it already, in our case it wasn't caused by the Mirasvit module. https://github.com/magento/magento2/commit/f82a17507acfa821e2bea543a99f072e1de1252f fixed it for us.
@magento-engcom-team I can replicate this on 2.2.2, this issue should be reopened.
It does appear to only happen on a few occasions, probably 1 in 10 times but it is an issue.
I was calling session_start() before the bootstrap code in order to check a session variable. I think because the session was already initialized that Magento was bypassing some of its initialization code. I added a call to session_abort() after I was done with it and the problem went away.
magento2/lib/internal/Magento/Framework/Session/SessionManager.php
Line 169 in 4d4e88a
if (!$this->isSessionExists()) {
Hello,could you please explain what you code you put and where to fix this issue? It's happening to me also
He had an issue like this and oh boy. It was hard to figure out until I noticed a custom theme file had been edited. Long story short, it's most likely your custom theme or your custom extension. Turn off all custom modules and switch to Luma. Then if it starts working, turn on modules one by one to see which one breaks the site. If they all work fine then it's your custom theme that needs closer inspection. Cheers!
Hi,
I've just spent the best part of a day debugging an issue with this end-point and I thought I'd share my findings in case it saves anyone else some time.
TL;DR: Caused by a third party social-login plugin that 'logged in' the wrong user (same email address, but wrong store view).
Configuration
The symptoms:
What is happening in the background:
Why this was happening in my store
Summary In my case this is caused by a faulty Google Login account matching mechanism in the version of the Mageplaza Social Login button I was using. After authenticating with Google, it grabbed the incorrect user account (from another store) and set this as the active user. I'm going to upgrade/fix this.
Preconditions
Steps to reproduce
Expected result
Actual result
The cause seems to be a "401 Unauthorized" response to /rest/default/V1/carts/mine/estimate-shipping-methods-by-address-id