I discovered an issue earlier this week that I believe is a bug, but it's really hard to verify that since 1) We don't run a stock Miva Merchant store (who does really) and 2) This has to do with placing an order (so it makes it hard to test on someone else's store). Before I tear my hair out or submit any type of official bug to Miva Merchant, I would like some help verifying that my stores aren't the only ones having this issue.
Back in 2010, we set up a post-order account creation. The setup is super simple and we never had a problem with it (we highly recommend it to everyone not in our industry; the results are staggering). Simplified, the process is basically a copy of the customer form from ACAD placed on the INVC screen with as much information prefilled from the order as possible. The form then submits to SFNT, which then redirects (old-school meta redirect) to a custom DASH screen we created.
Fast forward to 2012 and we finally got around to upgrading to PR7 where Miva Merchant redid all of their cookies (I understand the changes, I like the changes, just hear me out). Since the upgrade, we have been having a problem that I just discovered this week (the problem is so subtle that we've never received a customer email about it).
In the old setup (pre-PR7), when the customer got to the INVC screen and was presented with the create your account form, they simply enter a password, hit submit, and then would be sent to their account dashboard (DASH). Once on this screen they could see their order and account information and even had an option to print their order receipt if they didn't do so before creating the account.
With the new setup (post-PR7; we're actually on PR8 which I know isn't the latest and greatest), the process is breaking down. What is happening now, is when the customer gets to the INVC screen and is presented with that same exact form, they can still enter a password and hit submit, but they never make it to the DASH screen. The account does get created successfully, they are just not logged into the newly created account, so when they try to access DASH, they are kicked back to LOGN. I did a number of tests and tried to troubleshoot the problem the best I could, and this is what I found (and what I would like to see confirmed):
When on the INVC screen, the order is created the and the customer's basket is deleted (nothing new). The basket-id cookie that contains the session-id however, is not expired. If the customer goes from INVC to any other Miva Merchant screen/page, the cookie persists, but it now points to a non-existent basket. Miva Merchant assigns a new session-id that you can access using the global:basket:session_id token, but the cookie is never updated properly. Now typically, the customer never notices this because when they try do something that interacts with the basket, the basket-id cookie is finally updated.
Now there could very well be more to this problem, but this is what I've discovered so far. I spent the last 2 days working on this and I have a less-than-pretty fix in place using the toolkit in a couple of places, but I would very much like to work to get this fixed.
So how can you help? If you are a store owner, there are two fairly simple ways you can see if you are experiencing this same problem. (Please make note of your Miva Merchant version if you do try to help)
1) If you have the post-order registration on your INVC screen (preferably a non-module version just to limit any behind the scenes fixes they might employ), then place an order WITHOUT using an account. Upon completion of the order, use your form to create an account. If you are logged in to your new account, then I've gone crazy and you are not experiencing this problem. If you are NOT logged in, then you are in the same boat I am in.
2) If you don't use the post-order registration or you have a module version installed, then you can use something like Firebug or Chrome developer tools to watch your cookies. Before you hit submit on the OPAY screen, look at your mm5-X-basket-id cookie value. Once you hit submit and complete your order, does that cookie stay the same? Click to another Miva Merchant page (SFNT or LOGN), is the cookie value still the same? If so, then you are in the same boat as me.
So what was my (temporary) fix? The fix (as always) lies in the tool kit. I used the headeroutput/vheaderoutput functions to expire the cookie on INVC and then create a new one if the customer tries to create an account. If this turns out to be a widespread bug I can post the quick fix if needed.
tldr: Cookies aren't expiring after an order is placed, therefore maintaining a reference to a non-existent basket record.
Back in 2010, we set up a post-order account creation. The setup is super simple and we never had a problem with it (we highly recommend it to everyone not in our industry; the results are staggering). Simplified, the process is basically a copy of the customer form from ACAD placed on the INVC screen with as much information prefilled from the order as possible. The form then submits to SFNT, which then redirects (old-school meta redirect) to a custom DASH screen we created.
Fast forward to 2012 and we finally got around to upgrading to PR7 where Miva Merchant redid all of their cookies (I understand the changes, I like the changes, just hear me out). Since the upgrade, we have been having a problem that I just discovered this week (the problem is so subtle that we've never received a customer email about it).
In the old setup (pre-PR7), when the customer got to the INVC screen and was presented with the create your account form, they simply enter a password, hit submit, and then would be sent to their account dashboard (DASH). Once on this screen they could see their order and account information and even had an option to print their order receipt if they didn't do so before creating the account.
With the new setup (post-PR7; we're actually on PR8 which I know isn't the latest and greatest), the process is breaking down. What is happening now, is when the customer gets to the INVC screen and is presented with that same exact form, they can still enter a password and hit submit, but they never make it to the DASH screen. The account does get created successfully, they are just not logged into the newly created account, so when they try to access DASH, they are kicked back to LOGN. I did a number of tests and tried to troubleshoot the problem the best I could, and this is what I found (and what I would like to see confirmed):
When on the INVC screen, the order is created the and the customer's basket is deleted (nothing new). The basket-id cookie that contains the session-id however, is not expired. If the customer goes from INVC to any other Miva Merchant screen/page, the cookie persists, but it now points to a non-existent basket. Miva Merchant assigns a new session-id that you can access using the global:basket:session_id token, but the cookie is never updated properly. Now typically, the customer never notices this because when they try do something that interacts with the basket, the basket-id cookie is finally updated.
Now there could very well be more to this problem, but this is what I've discovered so far. I spent the last 2 days working on this and I have a less-than-pretty fix in place using the toolkit in a couple of places, but I would very much like to work to get this fixed.
So how can you help? If you are a store owner, there are two fairly simple ways you can see if you are experiencing this same problem. (Please make note of your Miva Merchant version if you do try to help)
1) If you have the post-order registration on your INVC screen (preferably a non-module version just to limit any behind the scenes fixes they might employ), then place an order WITHOUT using an account. Upon completion of the order, use your form to create an account. If you are logged in to your new account, then I've gone crazy and you are not experiencing this problem. If you are NOT logged in, then you are in the same boat I am in.
2) If you don't use the post-order registration or you have a module version installed, then you can use something like Firebug or Chrome developer tools to watch your cookies. Before you hit submit on the OPAY screen, look at your mm5-X-basket-id cookie value. Once you hit submit and complete your order, does that cookie stay the same? Click to another Miva Merchant page (SFNT or LOGN), is the cookie value still the same? If so, then you are in the same boat as me.
So what was my (temporary) fix? The fix (as always) lies in the tool kit. I used the headeroutput/vheaderoutput functions to expire the cookie on INVC and then create a new one if the customer tries to create an account. If this turns out to be a widespread bug I can post the quick fix if needed.
tldr: Cookies aren't expiring after an order is placed, therefore maintaining a reference to a non-existent basket record.
Comment