After updating to version 7.4.5 I've had customers claim they can't login even after resetting their password.

They get the error of "Hash Check Failed". I know doing a Ctrl + F5 (Hard Refresh) enables the login to work again but most people are not going to know to do that.

Anybody else having this issue?

Patrick

I installed on our 4 websites and had no issues on any.

Michael

Hi Patrick
The hash is based on the session id so this sounds like when your customers view the page a new user session isn't starting, and that is more than likely down to caching which would also explain why doing the Ctrl+F5 is sorting this out. If there is caching going on it's not going to be good for your site in general so is this something you could check out or ask your host to look in to for you?

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Thanks for the insight Vince.

I have made the following adjustment in my .htacces file.

Is this acceptable?

<FilesMatch "\.(xml|txt|css|js)$">
Header set Cache-Control "max-age=0, public"
</FilesMatch>

No, that won't do anything to affect session id handling. It actually looks like you have a few cookie problems as the PHPSESSID seems to be getting mangled/lost in your code and the ectcartcookie is being sent in triplicate with differing values. I don't have a 7.4.5 store handy to compare, but I'm not seeing this on a stock 7.4.4 install.

Peter


Professional ecommerce web hosting services
Shared hosting Windows & Linux | Dedicated servers | Domains | SSL
Ecommerce Templates specialists since 2003
https://servelink.com

Hi Peter,

I got the PHPSESSID working properly but I don't get the ectcartcookie on the following store. www (DOT) badmanbullets.com

Set-Cookie PHPSESSID=3pv71a2gg0l0fcpj82vh4qf5jr; path=/; secure; HttpOnly



My other store gets the PHPSESSID and (4) different ectcartcookie's. www (DOT) slixprings.com

Set-Cookie PHPSESSID=l4v3u3bgqac7hl8q9d8l0s2ln9; path=/; secure; HttpOnly

Set-Cookie ectcartcookie=b057bc8932e5544082e1d7334e; expires=Wed, 15-Dec-2021 02:32:58 GMT; Max-Age=432000; path=/; secure; HttpOnly
Set-Cookie ectcartcookie=e08283d219f2493012efc60804; expires=Wed, 15-Dec-2021 02:32:58 GMT; Max-Age=432000; path=/; secure; HttpOnly
Set-Cookie ectcartcookie=24db824bc5d2433103c5c32e9c; expires=Wed, 15-Dec-2021 02:32:58 GMT; Max-Age=432000; path=/; secure; HttpOnly
Set-Cookie ectcartcookie=426caf8df68d2363dbb7084a5d; expires=Wed, 15-Dec-2021 02:32:58 GMT; Max-Age=432000; path=/; secure; HttpOnly

Both stores are running on ECT v7.4.5.001
PHP 8.0.13

I see you have got rid of that other mystery cookie you were setting and have PHPSESSID making an appearance now, so that's good. I do get the ectcartcookie, three times:

quote:

---

Set-Cookie: PHPSESSID=8l4l2eir66h6hairq7ng95eei2; path=/; secure; HttpOnly
Set-Cookie: ectcartcookie=56743d7b6244f0c5e4d678b029; expires=Sat, 11-Dec-2021 05:54:20 GMT; Max-Age=86400; path=/; secure; HttpOnly
Set-Cookie: ectcartcookie=e3da549003c06d382e23903eb5; expires=Sat, 11-Dec-2021 05:54:20 GMT; Max-Age=86400; path=/; secure; HttpOnly
Set-Cookie: ectcartcookie=6b9c2f6dfee5289fb21001519b; expires=Sat, 11-Dec-2021 05:54:20 GMT; Max-Age=86400; path=/; secure; HttpOnly

---

The other site I get the same as you.

Peter


Professional ecommerce web hosting services
Shared hosting Windows & Linux | Dedicated servers | Domains | SSL
Ecommerce Templates specialists since 2003
https://servelink.com