Hello--
I have made extensive modifications to Nop1.6. I think that this problem is caused by these modifications and is not a bug in the product, but I would like to know if anyone has encountered this behavior.
In production we have gotten reports from end users (and reproduced ourselves a few times) that when a user logs in sometimes they 'steal' ShoppingCartItems from another user. So user A has a product in their cart. User B logs in and 'gets' user A's product in their cart. User A loses their product (and then has an empty cart).
It seems that it always happens to all the items in the cart. I'm not sure if only anonymous user's items are 'stolen' or logged in users as well. I also cannot reproduce it in my development sandbox (grrrrr!!!!).
As I said I think I created this problem somehow, but under code review I am not able to see where the problem might originate. Please reply if you have seen this type of behavior or if I have overlooked a known 1.6 bug...
Strange problem with modified Nop1.6
- 10
- 1050
- 14.03.2010
- United States
Hi Folks--
I thought I would respond to my own post as this is a fixed problem. The cause was a change I made to web.config. I wanted to rewrite my image (and swf) urls to make more human friendly names. In doing so I changed the web.config (change in bold):
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
This was so that requests for images would come through to the UrlRewriting module. This worked, but started 'clustering' multiple different sessions into the same Nop Session ID. So that you would have multiple people fighting over the same cart.
In order to resolve the issue we edited the MembershipHttpModule.cs to make it only run its logic on aspx pages (interestingly there is, at least in 1.6, a method sitting in this class that is unused method private bool IsAspxPageRequested() which I used to test this.) . This kept the carts from clustering.
The exact mechanism is best left for someone more knowledgeable than I about how the asp.net and then NopSession gets set up during a request, but the end result of a media request going through the asp.net server is that everything in the MembershipHttpModule got run, but nothing in the BaseNopPage and Page classes. That combination caused the cart 'clustering' to happen.
Here is the an example of the changes from one method in the class (additions in bold):
private void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (IsAspxPageRequested())
{
if (InstallerHelper.ConnectionStringIsSet())
{
bool authenticated = false;
if (HttpContext.Current.User != null && HttpContext.Current.User.Identity != null)
If anyone has any more questions about this I am happy to answer them.
I thought I would respond to my own post as this is a fixed problem. The cause was a change I made to web.config. I wanted to rewrite my image (and swf) urls to make more human friendly names. In doing so I changed the web.config (change in bold):
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
This was so that requests for images would come through to the UrlRewriting module. This worked, but started 'clustering' multiple different sessions into the same Nop Session ID. So that you would have multiple people fighting over the same cart.
In order to resolve the issue we edited the MembershipHttpModule.cs to make it only run its logic on aspx pages (interestingly there is, at least in 1.6, a method sitting in this class that is unused method private bool IsAspxPageRequested() which I used to test this.) . This kept the carts from clustering.
The exact mechanism is best left for someone more knowledgeable than I about how the asp.net and then NopSession gets set up during a request, but the end result of a media request going through the asp.net server is that everything in the MembershipHttpModule got run, but nothing in the BaseNopPage and Page classes. That combination caused the cart 'clustering' to happen.
Here is the an example of the changes from one method in the class (additions in bold):
private void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (IsAspxPageRequested())
{
if (InstallerHelper.ConnectionStringIsSet())
{
bool authenticated = false;
if (HttpContext.Current.User != null && HttpContext.Current.User.Identity != null)
If anyone has any more questions about this I am happy to answer them.