Safari browsers are losing their session. (IE, when I add an item to the cart, it does it, then on the next page it loses the session.)

I did some digging and I believe that safari is mangling the cookie session key because of the hmac...it is base 64 encoded, so it ends in an equal sign. Safari (if it even passes this value in the cookies list) will split the cookie at that = sign so you get no sessionId.

http://www.hatclub.com is an example. please use safari and add to cart. you will see it redirect to the cart page with a new session being created, so no items in cart.

Please respond with a solution. I have full source.

forgot to add, I am using version 4.1

What version of Safari are you using?

Mediachase Software

the latest version from the website. Safari 3. This problem happens on both windows and mac versions.

Is there anyone that can help me? We are losing money in sales because the browser doesn't work.

Hi, does that happen for you in our demo site:

http://ecf41.demo.mediachase.com/publicstore/

and maybe

http://ecf50.demo.mediachase.com/public/

Thanks.

This is not happening on your demo sites, but we are not using the public site you created. It simply didn't skin the way we needed it to. So the real question is...do the demo sites have newer code than what we have, or what could we possibly be missing in implementation that would cause only safari to have issues?

 

I did look at the cookies that are being saved and realized that your ShoppingCartKey is no longer passing anything but the HMAC (or whatever is base64 encoded in there) is that a change you made?

What exact version are you using?

The demo is running "4.1.0", which is not even the latest one.

What I would make sure is that your server has the latest ASP.NET/.NET service packs running.

WebUtility shows 4.1.2. I would assume the rest are from the same codebase, since we haven't updated from that point.

I looked at the live site from both IE and safari....I noticed it is doing the same thing on that site, so I wonder if I am just missing some code to initialize something.

IE shows ShoppingCartKey = nJ+GGijal3VhRFybePatbeBdYyo=,993,

Safari shows ShoppingCartKey = 168hDaGfkTMqABVJS/ivm5CkLmE=

Both were done looked at after adding a second item to the cart. So the real question is, without the session id (993 on the IE side) how is my session loading in safari?

By live site I meant your demo sites

There is SessionInit method called from StoreFilter.cs which is the HttpModule that should be registered in web.config.

This is the same class where SessionSave is called as well which persists the session id into the cookie.

Try deleting all the cookies from the Safari browser and check the SessionInit and SessionSave methods.

Hope this helps. 

I am looking in there, and I am coming back to the original problem from above. The httpmodule is working just fine. The problem is that the cookie is not coming back correct in safari correctly. when it loads in, instead of being like

9D6go9e973TE+2ZpuB6Kn5j8MJM=,26386,

it comes back as

9D6go9e973TE+2ZpuB6Kn5j8MJM=

this causes the session id to be lost, and it recreates a new one every time. Now, I don't know what is going on in the 4.1.0 version that might be different from the version we have here, but that is the underlying problem, and it is a bug in safari as far as I am concerned. My problem is that I now need to workaround this bug and get the session to load correctly.

For instance, I have tried changing a few things (noted below) to get rid of the = sign at the end of the base 64 encoding...

ClientSession.cs around line 70, I have tried

if (arr.Length > 0)
{
string hmac = arr[0];
int times = 0;
if (!arr[0].EndsWith("="))
{
hmac = arr[0].Substring(0, arr[0].Length - 1);
times = Convert.ToInt32(arr[0].Substring(arr[0].Length - 1, 1));
}
for (int i = 0; i < times; i++)
{
hmac += "=";
}
base.HMAC = hmac;
}

Around Helper.cs line 180

int count = 0;
while (str.EndsWith("="))
{
str = str.Substring(0, str.Length - 1);
count++;
}
str += count;

and in ServicePipeHelper.cs around line 615 doing something like this..

string hmac2 = hmac;
int count = 0;
while (hmac2.EndsWith("="))
{
hmac2 = hmac2.Substring(0, hmac2.Length - 1);
count++;
}
hmac2 += count;
if (hmac2.Equals(Helper.GetHMAC(customerSession.SessionId)))

This, however, doesn't let the pages load anymore, and I am probably missing another place I would need to re-add the equal sign. Anyway, ANY help you can give me in finding this session beyond this point would be most helpful. I have been in and out of the process quite a bit, and I am frankly at a loss as to how to get around this bug in safari.

Just so you are aware, this is running on IIS7 Server 2008, and is fully patched. I am not troubleshooting your code working correctly...as it appears to be. I just don't know what else I can do to load that sessionid given that safari won't give it to me in the cookie. I don't know what is different between your demo site, and our copy here, as no changes I have made in the past have anything to do with this code, so it should be whatever you are using.

Alright, I setup the safari 3.2.2 version and went to our demo site and then to your site and it works just fine. I don't see any problems coming back to the cart. Both sites work fine.

Well, I feel a bit embarassed...I didn't realize that safari 4.0 beta was being "promoted" as their big download, so I took that as my version that was installed. Apparently the problem is with 4.0 beta on windows. I will have to look at this again with the mac versions to see if some of the other people are also facing the same mixup I did.

Thank you for your quick replies over the last couple of days. I will ping you back on here if I still need to fix it...or can better troubleshoot the problem.

I just ran a test on a mac runing Safari 3.2.1 and I was unable to add items to my cart.