+1-888-365-2779
Try Now
More in this section

Forums / Ecommerce / Item Added to Cart is in All Users' Carts

Item Added to Cart is in All Users' Carts

11 posts, 0 answered
  1. Casey
    Casey avatar
    25 posts
    Registered:
    22 Oct 2010
    08 Feb 2012
    Link to this post
    I login; it doesn't matter which user I use to login.
    I add an item to the cart.
    I navigate to the cart and see the item in the cart (seems fine so far).
    Then I logout that user and login as another user.
    I navigate to the cart and it has the same item I added under another user. It shouldn't have any items in it.

    Any idea of what might cause this? I'm just using the built in Shopping Cart and Product Listing widgets.
  2. Grace Hallwachs
    Grace Hallwachs avatar
    144 posts
    Registered:
    03 Nov 2014
    09 Feb 2012
    Link to this post
    Hi Casey,

    Yes there is a known issue logging in with one user, adding products to your shopping cart and then logging out and logging in with another user. The products associated with the original user will still be in the shopping cart.

    The shopping cart is stored as a cookie on the machine and is not associated with the user id of the person who is logged in at the moment. So if two people are sharing a machine, both of them will be able to see the products in the shopping cart. This shouldn't cause an issue with the checkout because each user would have to enter in their own credit card information in order to checkout.

    Currently the workaround for this would be for the user who doesn't want those products in their cart to delete the unwanted products out of their cart and proceed.

    We will be looking address this issue in a future release. My apologies for any inconvenience this causes you.

    Greetings,
    Grace Hallwachs
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    10 Feb 2012
    Link to this post
    Wow.  How could something this basic have made it through QC for 2 releases?  This can't inspire much confidence about security for the shopper.  As a shopper using a site with this type of bug I'd wonder what other information about my shopping session is being leaked to other shoppers using the same machine.  Not good.

    When can we expect this to be fixed?  "A future release" really isn't an acceptable answer.

    Steve
  4. Jochem Bökkers
    Jochem Bökkers avatar
    787 posts
    Registered:
    13 Aug 2007
    10 Feb 2012
    Link to this post
    Hey Steve,

    It didn't make it through QC for 2 releases, it was flagged just not fixed. I've tested and rechecked CC information etc myself. Everything is stored secure in the db for the order process, it's just the shoppingcart 'guid' that is a cookie.

    Most ecommerce systems use a cookie to store a shoppingcart id, so in case of browser closing you can resume shopping on the next time you browse to the site. Most of the time 'as users' we just don't notice this, but now as developers we are suddenly aware of this. 

    Yes there are other/better ways to store a guid to retrieve a browser session and I'm sure they'll get it fixed. It's in no way a security issue, because for 'ordering' (instead of shoppingcart) you need to be logged in (username/password) and anonymous checkouts don't store this kind of information.

    Jochem.
  5. Grace Hallwachs
    Grace Hallwachs avatar
    144 posts
    Registered:
    03 Nov 2014
    11 Feb 2012
    Link to this post
    Hello Steve,

    User based shopping carts will be a feature that we implement towards the end of this year. Also there is no security threat or issue with cookie based shopping carts as cookies are tracking the products in the shopping cart and not tracking any kind credit card information.

    I have submitted a feature request on your behalf. You can follow its progress in PITS and vote for its popularity. Based on the popularity among the community we may raise the priority of this task. 

    Regards,
    Grace Hallwachs
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. RickC
    RickC avatar
    24 posts
    Registered:
    23 Apr 2003
    05 Mar 2012
    Link to this post
    This is more than just a minor inconvenience. In IE9 this ends up causing a loop.

    1. Click on Item in Product List page - transfers you ro ProductDetails page.
    2. Product Details Page already has items in it from previous session
    3. Add an item to the cart on Product Details Page. I have a Mini-Cart on the page, the new Product Item shows up in the minicart.
    4. Click on Link for ShoppingCart page - IE goes crazy, flashing on and off as it cycles through some loop to fast to even finish loading the page.
    5. If you click Checkout page instead it says "Nothing in the Cart"

    This has killed IE for testing purposes.

    How do I clear the OLD SESSION CART STUFF out of the browser?
  7. Jochem Bökkers
    Jochem Bökkers avatar
    787 posts
    Registered:
    13 Aug 2007
    05 Mar 2012
    Link to this post
    @Rick,

    Sounds like you're having multiple issues at once.

    First, by the sound of it, you've not turned caching off on the shoppingcart/product detail/checkout pages. According to the documentation you should, and that's why you're seeing the mixed up cart/checkout information.
    (Page Overview >> Title & Properties >> Advanced options >> set to "No Caching")

    IE(9) here on Sitefinity v4.4 doesn't go crazy or ends in a loop. Not even when I set the catalog page to itself. So as a blonde and blunt suggestion, have you tried creating a blank page (no theme/no masterpage widgets) and toss a shoppingcart widget on there with a default template to verify it's not a custom issue?

    That the checkout says you've got nothing in your cart is also due to the caching issue mentioned before.

    ---
    You can add something like this to delete the cookie

    if (Request.Cookies["shoppingCartId"] != null)
    {
        HttpCookie myCookie = new HttpCookie("shoppingCartId");
        myCookie.Expires = DateTime.Now.AddDays(-1d);
        Response.Cookies.Add(myCookie);
    }

    Perhaps in combination with some session variable that you set to determine if we're new or still in the same session. If you are, keep the cookie - when you're not delete it.

    But this will leave 'abandoned' shopping carts in your db. So in that case you might want to extend it with something like this:

    02.{
    03.    var cartOrder = this.OrdersManager.GetCartOrder(this.GetShoppingCartId());
    04.    this.OrdersManager.DeleteCartOrder(cartOrder);
    05.    this.OrdersManager.SaveChanges();
    06.    this.OrdersManager.DeleteOrphanedCartAddresses();
    07.    this.OrdersManager.SaveChanges();
    08.    this.RemoveShoppingCartCookie();
    09.}

    Last line will clear out the cookie as well, just to give you the 'official approach'...

    Jochem
  8. RickC
    RickC avatar
    24 posts
    Registered:
    23 Apr 2003
    06 Mar 2012
    Link to this post
    Jochem, thanks for the suggestions. I hadn't set all the Ecommerce pages to No Cache (though that didn't seem to create any problems using the store in FF, Safari or Chrome). It may be just that I had abandoned a cart in IE that was still present and I did not have an abandoned cart in any of the other browsers.

    I added an empty page with a Cart on it. In opening that test page in IE it was immediately populated with the previous abandoned items. I was able to remove the items but when I went back in and added an item in IE the loop took over again so the cart was being refilled with something in the IE cache. I had to completely clear the IE cache and temp files to stop this from happening. That fixed it and everything is working OK in IE now. Thanks.

    Side Note: This might be a cultural phrase choice, but I have blonde hair so I'd rather not see blonde remarks on a Tech Support site. Thanks.
  9. Jochem Bökkers
    Jochem Bökkers avatar
    787 posts
    Registered:
    13 Aug 2007
    06 Mar 2012
    Link to this post
    @Rick

    Apologies for offending you, being a 'blonde' myself I always used it as a 'humoristic phrase' without trying to or meaning to offend someone. Its just my way of saying 'I'm not a senior developer, but have you tried this...' but I will refrain from using it in the future.

    Jochem.
  10. Grace Hallwachs
    Grace Hallwachs avatar
    144 posts
    Registered:
    03 Nov 2014
    06 Mar 2012
    Link to this post
    Hello Rick,

    Please let us know if your issue has been resolved or if you need anymore assistance.

    Kind regards,
    Grace Hallwachs
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  11. RickC
    RickC avatar
    24 posts
    Registered:
    23 Apr 2003
    07 Mar 2012
    Link to this post
    Thanks Grace and Jochem, that takes care of everything.
11 posts, 0 answered