We are experiencing a really serious problem with SagePay on live high profile web site.
Basically how SagePay works is that it will take the user credit card information (via an IFrame in the checkout PaymentInfo page). Then it will take the customer money and do a post request to the CheckoutController.ConfirmOrder action.
However once it is in the CheckoutController.ConfirmOrder it hits this code:
var cart = _workContext.CurrentCustomer.ShoppingCartItems.Where(sci => sci.ShoppingCartType == ShoppingCartType.ShoppingCart).ToList();
if (cart.Count == 0)
{
return RedirectToRoute("ShoppingCart");
}
50% of the time the cart.Count equals 0, and what happens is that the order is not confirmed but the money have already been taken out of the customer credit card. Neither the shop owner nor the customer see the order as it is never created.
You can imagine what havoc this is causing.
The problem obviously has to do with the user session being lost for some reason. But this web site is hosted on a single server and guest user orders are disabled.
Please, any advice on this will be greatly appreciated!
Many Thanks