OpenCart Community

I'm having an issue with login management on a site that I am testing.

The site is https://services.neighborhoodrobotics.org and is using Version 3.0.2.0

I just reproduced a login issue twice with the following steps in two different browsers with all caching at the browser turned off. I have been on two separate networks today and I see the same behavior.

Please perform the following tasks in order.

1. go to home screen services.neighborhoodrobotics.org
2. from top "myaccount" login, login using test2@neighborhoodrobotics.org password test2 or create an account
3. return to home screen
4. add product
5. go to checkout
6. logout with "myaccount" at the top
7. go back to the home page
8. look in the "myaccount" drop down and the logout option exists showing that you stayed logged in.
9. go to checkout and you are not prompted for login showing that you are still logged in

I did this with firefox.

There are other ways to reproduce.

1. go to home page and add the product without being logged in
2. hit checkout.
3. you are prompted for a login, login with test2@neighborhoodrobotics.org password test2 or create an account
4. the page does not see you as logged in and does not let you continue.
5. return to home screen
6. look in the "myaccount" drop down and the logout option exists showing that you stayed logged in.
7. go back to checkout and it does not see you as logged in

I did this with edge.

Use the developers kit from both browsers noticing console error messages while doing these steps.

I just want to point out, I've looked into this for dczukoski, and couldn't find the cause of this. It's not something simple that was easily fixed, or something I've ever seen before.

I'm fairly certain it's a server-level thing, and not something that can be fixed in OpenCart, but I could be wrong. If anyone else has experienced this on OpenCart 3.0, please post if you found a solution.

If it's a server-related issue, first check the sess folder from the root domain location on the FTP or from the host's file manager console for any locked files.

Tried steps with console in firefox. No errors on the console on the client side.

I suspected that each page was using a different cookie, but that is not the case either.

What about the sess path (or tmp) on the root domain location?

To answer your question:
I deleted an index and an sess file that were in the storage folder. The behavior stayed constant. I did not log back in.
There is no sess file or directory in the server root, the webserver root, or the subdomain root.

Other items of note now that I am poking around:
I did look at php.ini and it looked interesting:
session.auto_start = Off;
session.use_only_cookies = On;
session.use_cookies = On;
session.use_trans_sid = Off;
session.cookie_httponly = On;
session.gc_maxlifetime = 3600
session.save_path = "/var/cpanel/php/sessions/ea-php70"

Also, when I "logged in" today. Opencart did retain my 4 added items to the cart from days ago.

There are two sess files in /tmp. Just found it.

I would not suggest deleting index.html file from your storage folder. However, delete the sess files from your host file manager console if you find some - not from FTP and do NOT delete the tmp folder itself by doing so.

This line looks non-standard:

session.save_path = "/var/cpanel/php/sessions/ea-php70"

That could be it, if the session is being saved somewhere besides where OpenCart is sending it. See if commenting out that line helps, though you may need to contact your web host about it if they have a higher directive for "session.save_path" that's still applying even if you remove it from your own php.ini file.

In addition, PHP v7.0 is being used. It would be suggested to use at least PHP v7.1 or above.