Magento2: More issues related to the customer data loaded by js

Created on 15 Oct 2020 · 7Comments · Source: magento/magento2

Description

In ticket https://github.com/magento/magento2/issues/28428 I reported a bug that affected customer data not retrieved after executing a custom login controller, that was fixed by: https://github.com/magento/magento2/pull/29081

After applying such patch, one of my customer reported 2 more different bugs that I consider are related with the customer data loaded by javascript as well

If in the Magento instance exists customers with similar fullname (same lastname for example), the message that appears on the welcome message mismatch the fullname (wrong is loaded). It was verified that the data of the logged user that appears on the profile view is different than the one loaded on the customer data object loaded by js for printing the welcome message
After login, if the user proceeds to checkout, the login popup appear even if the user was previously logged.
Similar than the issue described here: https://github.com/mageplaza/magento-2-social-login/issues/197

Preconditions

Magento 2.3.4 or 2.3.5
Custom Login controller

My login controller is similar than the PostLogin code

$customerSession->setCustomerDataAsLoggedIn($customer);
if ($this->getCookieManager()->getCookie('mage-cache-sessid')) {
    $metadata = $this->getCookieMetadataFactory()->createCookieMetadata();
    $metadata->setPath('/');
    $this->getCookieManager()->deleteCookie('mage-cache-sessid', $metadata);
}

$resultRedirect = $this->resultRedirectFactory->create();
return $resultRedirect->setUrl($targetURL);

The extension also forces sections to be invalidated after my custom login, by adding a etc/frontend/sections.xml as documented on page-caching

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Customer:etc/sections.xsd">
    <action name="sso/saml2/acs">
        <section name="*"/>
    </action>
</config>

Steps to reproduce

I implemented this simple custom login controller that will allow reproducing the issue:
https://github.com/pitbulk/magento-custom-login

If in a private browser I log in with a user that has the same lastname as others, I experience the issues described.

The issue exists on Magento 2.3.4, 2.3.4-p2 and 2.3.5-p1

Expected result

customer data properly loaded even if existing customer accounts with the same lastname
If the user is logged in, clicking on the checkout link will never open a popup for authentication

Actual result

After enabling a private browser, and log in

wrong welcome message is loaded, data from other customer prompted
If the user is logged in, click on the checkout link, a popup for authentication appears
Similar to the situation described here: https://github.com/mageplaza/magento-2-social-login/issues/197

ready for confirmation Reported on 2.3.4

Source

pitbulk

Most helpful comment

any progress with this issue? I believe it impacts any extension implementing a custom login controller.

pitbulk on 26 Oct 2020

👍4

All 7 comments

Hi @pitbulk. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

Summary of the issue
Information on your environment
Steps to reproduce
Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, please, review the Magento Contributor Assistant documentation.

Please, add a comment to assign the issue: @magento I am working on this

Join Magento Community Engineering Slack and ask your questions in #github channel.

:warning: According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

:clock10: You can find the schedule on the Magento Community Calendar page.

:telephone_receiver: The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

:movie_camera: You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

:pencil2: Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

m2-assistant[bot] on 15 Oct 2020

Also seeing the second issue in 2.3.5-p2.

After login, if the user proceeds to checkout, the login popup appear even if the user was previously logged.

david-kominek on 16 Oct 2020

any progress with this issue? I believe it impacts any extension implementing a custom login controller.

pitbulk on 26 Oct 2020

👍4

I have several customers of my extension reporting this issue, any ETA for the resolution that I can share with them?

@complexthings you made a fantastic job fixing the other related issue, can you by any chance work on this?

pitbulk on 19 Nov 2020

I am one of the customers affected by this issue. There are still a lot of people running Magento 2.3.x. Thank in advance to anyone who can help implement this fix.