|
Andrew Senior
|
July 2, 2014 at 4:24 pm
Hello,
I’m having a problem with a session cookie during registration checkout. Given the following scenario I can make the checkout display and charge the wrong amount for a ticket/event.
The user goes to event 1 and selects a ticket for $40.00 the presses the register now button. This takes them to the payment gateway and they decide to pay later with the link they have been emailed.
They then go to event 2 and select a ticket for $250.00 and press the register now button. At this point they decide against purchasing the ticket and navigate away from the page.
The user now decided to pay for event 1 by clicking on the link in their email. This is where the amount for event 2 is displayed and the user is prompted to pay $250.00 instead of $40.00.
Looking at the URL there is a revisit=1 attribute and I’d assume that this would ignore said cookie and display the correct information.
If I stay on the checkout page with the wrong amount displayed and delete the PHPSESSID cookie and refresh the correct amount is displayed.
Are you able to advise on a workaround I could implement while waiting on a fix to be released?
Thank you.
|
|
Andrew Senior
|
July 2, 2014 at 6:01 pm
I’ve also just noticed that if the user presses the Process Payment button while the wrong amount is showing then a line item for the wrong ticket gets added onto the current transaction.
This has been causing errors on the transaction page rendering the maintenance buttons inactive to a point where I have to go remove the bogus line item from the database manually 🙁
Thanks
|
|
Josh
|
July 3, 2014 at 11:18 am
Hi Andrew,
I’m having some difficulty reproducing this with the steps you’ve outlined. Is the registration form step getting bypassed? I ask because when you outlined the steps that part seems to be missing:
The user goes to event 1 and selects a ticket for $40.00 the presses the register now button. This takes them to the payment gateway and they decide to pay later with the link they have been emailed.
There should be a step in between where the registration form gets filled out. Is there a way we can take a look at your site? If you prefer not to post a link here, please fill out our contact form and let us know the link to the events page so we can investigate.
|
|
Andrew Senior
|
July 3, 2014 at 12:10 pm
Hi Josh,
Yes you’re right, sorry for the confusion.
There is a step missing to the first part if the user journey where they enter their details and press the proceed to payment button. At this point if the user decides to pay via cheque, invoice or bank transfer the registration is complete and a ticket generated. The user is then emailed a link to retry payment, this is the link I mentioned. Ultimately at the end of this action the user should be registered without submitting payment and then continue onto step two.
I’m currently working in a dev environment so I can’t share the site with you right now.
Thanks.
|
|
Josh
|
July 3, 2014 at 2:21 pm
Okay then, thanks for the update. We’ll keep you posted with what we find.
|
|
Josh
|
July 3, 2014 at 4:52 pm
Here’s a fix that we’ll be including in a future update:
in core/EE_Cart.core.php line 68 (current version) you can change it to:
$saved_cart = empty( $grand_total ) ? EE_Registry::instance()->SSN->get_session_data( 'cart' ) : NULL;
|
|
Andrew Senior
|
July 4, 2014 at 6:04 am
Thank you, this seems to fix the issue.
|
|
Josh
|
July 17, 2014 at 3:05 pm
Hi Andrew,
I wanted to let you know that the latest version of Event Espresso (4.2.8) includes a fix for the issue you reported here.
|
