Magento2: Customer gets logged out when they save/change their account - 2.2 only

Created on 4 Jan 2018 · 14 Comments · Source: magento/magento2

Steps to reproduce

  1. In Magento 2.2 and above
  2. Log in as a customer - frontend
  3. Edit your address and save
  4. The page will reload
  5. Click to another account page
  6. You will get logged out every time.

Expected result

  1. The session should not destroy itself when a customer saves their account

Note: This does not happen on 2.1.x

Format is not valid needs update

All 14 comments

@mzenner1 thank you for your report.
Please specify what you mean by "Click to another account page".

Any account link in the customer sidebar. "My Orders" will do the trick.

When you first log in as a customer, click "Edit" on your contact info. Do something simple, like add a letter to your last name. Hit save, then click to another account page, like "My Orders" and you get logged out.

@mzenner1 thank you for your report.
Unfortunately, we can't reproduce this issue.
Please try to reproduce this issue on a clean installation of ver 2.2.2 and tell us the result.

I can confirm this does not happen in 2.2.2

Hello I am looking for this issue #mm18in.

@RakeshJesadiya thank you for joining. Please accept team invitation here and self-assign the issue.

@mzenner1 thank you for your report.
Unfortunately, we can't reproduce this issue. I have checked the above steps in the latest version 2.2.2 for customers.
I checked using an existing customer and by creating a new customer: edit the address and save,
go to the My Order link and check; it's working fine.

Thanks.

Hi,

In a clean installation this is still a bug in 2.2.2.

Steps to Reproduce:

  1. Login to account.
  2. Edit Account information
  3. Hit Save button
  4. Immediately after hitting save, click the Billing Agreements or Gift Cards Link in the account dashboard
  5. User will be logged out

It's not reproducible every time but it's definitely possible

I get the same issue with the Chrome browser on Mac. It does not happen on Firefox.

I am also getting the same issue of logout.

Can confirm that we are experiencing this issue intermittently as well. We do not experience it every time. It appears to be a race condition of some sort.

It looks like I have the same issue, with 2.2.4. It happens all the time and is reproducible, but I have a third party login module, which I am debugging right now. It seems like a bug coming from Magento though.

I'm pretty sure this originates here: vendor/magento/module-customer/Model/Plugin/CustomerNotification.php.

As far as I can tell, on post _after_ a customer save event has occurred, it regenerates the session id. The save event notifies the system that the customer session should be updated. If another event does a post after the save but before the browser is notified of the session id update, it will log the user out.

Check /vendor/magento/framework/Session/SessionManager.php. There is a function that looks like this:

    public function regenerateId()
    {
        if (headers_sent()) {
            return $this;
        }
        // session_regenerate_id(true) deletes the old session immediately
        $this->isSessionExists() ? session_regenerate_id(true) : session_start();
        $this->storage->init(isset($_SESSION) ? $_SESSION : []);

        if ($this->sessionConfig->getUseCookies()) {
            $this->clearSubDomainSessionCookie();
        }
        return $this;
    }

It should be longer, as in
https://github.com/magento/magento2/blob/2.2-develop/lib/internal/Magento/Framework/Session/SessionManager.php#L509
Try version 2.2.6, or put this class in
<mage_root>/lib/internal/Magento/Framework/Session/SessionManager.php, if that folder was empty, as a temporary solution.
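The race described in the comments above (a request still carrying the old cookie arrives after `session_regenerate_id(true)` has deleted the old session) can be modelled offline. This is an added example, not code from Magento or from any commenter: `SessionStore`, its methods, the ids and the timings are hypothetical, and the short grace window is one common mitigation, assumed here for illustration rather than taken from the linked 2.2-develop code.

```php
<?php
// Added illustration: an in-memory session store, not Magento's SessionManager.
final class SessionStore
{
    private array $sessions = [];   // session id => data
    private int $next = 0;

    public function create(array $data): string
    {
        $id = 'sid' . ++$this->next;   // constructed ids; real ids are random
        $this->sessions[$id] = $data;
        return $id;
    }

    // $grace = 0 models session_regenerate_id(true): the old id dies at once.
    public function regenerate(string $oldId, int $now, int $grace): string
    {
        $newId = $this->create($this->sessions[$oldId] ?? []);
        if ($grace === 0) {
            unset($this->sessions[$oldId]);
        } else {
            // The old id keeps no data, only a short-lived pointer to the new id.
            $this->sessions[$oldId] = ['moved_to' => $newId, 'expires' => $now + $grace];
        }
        return $newId;
    }

    // Returns the data behind a cookie value, or null (customer is logged out).
    public function load(string $id, int $now): ?array
    {
        $s = $this->sessions[$id] ?? null;
        if ($s === null || !isset($s['moved_to'])) {
            return $s;
        }
        if ($now > $s['expires']) {
            unset($this->sessions[$id]);   // grace window over: old id is dead
            return null;
        }
        return $this->sessions[$s['moved_to']] ?? null;
    }
}

// Constructed scenario (seconds): save at t=100, click at t=101, replay at t=200.
foreach ([0, 5] as $grace) {
    $store = new SessionStore();
    $old = $store->create(['customer_id' => 42]);   // login
    $store->regenerate($old, 100, $grace);          // account save rotates the id
    printf("grace=%d in-flight=%s replay=%s\n", $grace,
        $store->load($old, 101) !== null ? 'ok' : 'logged out',
        $store->load($old, 200) !== null ? 'ok' : 'rejected');
}
```

The old id stays usable for the length of the grace window, so that window should be only as long as an in-flight request needs.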
