Logged out purchase

  • Posts: 146
  • Thank you received: 6
  • Hikaserial Subscription Hikashop Business
8 months 3 weeks ago #342713

-- url of the page with the problem -- : my.vource.tv
-- HikaShop version -- : 4.6
-- Joomla version -- : 3.10.10
-- PHP version -- : 7.4.29

I have attempted several real orders on my system.
Each time a make a purchase through paypal I am logged out.

I do not want users logged out the system after they make a purchase.
What settings control this?

Please Log in or Create an account to join the conversation.

  • Posts: 78215
  • Thank you received: 12358
  • MODERATOR
8 months 3 weeks ago #342738

Hi,

You must be using the "user group after purchase" setting in the product you're purchasing.
After the purchase the plugin will automatically logout the user to reset his access to the website so that the new user group can be taken into account.

Please Log in or Create an account to join the conversation.

  • Posts: 146
  • Thank you received: 6
  • Hikaserial Subscription Hikashop Business
8 months 3 weeks ago #342767

Hello Nicolas,

1. What is the code and where is the code located? for the "user group after purchase" that logs a user out of the system after purchase?
I would like to edit it, so I can test to see if logout is necessary, on my site.

RATIONAL
When i change a user's settings on the backend of the website, the ACL change is detected by the user when the user selects a new menu item, or when the browser is refreshed -- without the user having to re-login. Therefore, a user should not have to be logged out for ACL updates to be recognized on the frontend. Especial if the "return to merchant" from paypal, sends the user to a different page.

I am building a video site, so logout of a customer, when compared to other video sites, is not an option. Re-login is a small, but unnecessary inconvenience, we do not want our users to experience.

I would prefer, a smooth one click process :: register - auto login (easysocial), select membership (hikashop), pay, return to video page, watch video.

If my rational does not work with your comp/plugin, please let me know.

Thanks,
Wrina

Please Log in or Create an account to join the conversation.

  • Posts: 78215
  • Thank you received: 12358
  • MODERATOR
8 months 3 weeks ago #342771

Hi,

The code is located in the file plugins/hikashop/group/group.php near the end of the onAfterOrderUpdate function.

I didn't know that changing the user group of a user in the backend would allow him to see the change on the frontend without logging out and then in.
At least, when I tried that many years ago, it didn't work:
forum.joomla.org/viewtopic.php?t=834958
Actually, I just tried on my end and this is still not possible on Joomla 4 at the moment. Please try and you'll see that you have to logout from the frontend to see the content after you add a user group to a user account.

And the problem is similar most of the time with the "user group after purchase":
The user group is added to the user account in the "onAfterOrderUpdate" function, when the order status changes from "created" to "confirmed".
This usually happens when the payment gateway notifies your website that the payment has been made. This notification usually doesn't go through the browser of the user (it can in some cases, it depends on the payment gateway you're using for the payments).
And so the issue is that the current user session is the session of the payment gateway server, not the session of the customer.
The problem is that joomla stores the user groups of the current user in the user session.
Joomla provides a function you can call to clear that cache. It's the function:
JAccess::clearStatics();
However, this can only work when you call it from the current user session and that's why we can't clear the cache of the user groups of a user after his purchase.
So we do the next best thing, which is to automatically log him off so that he has to relogin to see the new user group.

Now. There is a solution but it's not one we want to implement in HikaShop by default:
You can turn off the "force logout" setting of the HikaShop user group after purchase plugin via the joomla plugins manager.
That way, the user won't be logout after the user group is added.
Then, you can develop a small system plugin implementing the "onAfterRoute" event and just call the JAccess::clearStatics(); function.
This means that the user group cache of Joomla will be cleared each time a page is processed, so it will be as if that user group cache in the user session would be deactivated. And by doing it like that, the user will be able to access his purchased content without having to logout/login directly when coming back from the payment gateway (supposing the payment notification arrives on the server before he is redirected back).

The following user(s) said Thank You: wrina iamwe

Please Log in or Create an account to join the conversation.

  • Posts: 132
  • Thank you received: 3
  • Hikashop Business
7 months 2 weeks ago #343654

The timing for this information is extraordinarily useful! I did not know about the Group Plugin.

We've been fighting a problem where the customer has occasionally been forcibly logged out at the end of the checkout. Even though I suspected it involved the user being logged out/in, we haven't found a definite trigger. Your description gives me new ways to test.

A different issue I was thinking might be related.

It seems like the User object is being supplanted by an Identity object in Joomla4, but I haven't found much documentation or discussion about it. Any insights or leads?

Last edit: 7 months 2 weeks ago by icomex.

Please Log in or Create an account to join the conversation.

  • Posts: 78215
  • Thank you received: 12358
  • MODERATOR
7 months 2 weeks ago #343666

Hi,

Joomla 4 still uses a User object as far as I know. At least, from what I remember of the Joomla 4 code I looked at in the past year, I don't remember anything about Identity besides the SSO capabilities of Joomla : docs.joomla.org/SSO
But that's not linked.

Please Log in or Create an account to join the conversation.

  • Posts: 132
  • Thank you received: 3
  • Hikashop Business
7 months 2 weeks ago #343670

I've found a couple of discussions in the Joomla GitHub threads about how they were implementing it, but I never saw any discussion or justification about why. All I can tell is that it works (though the getIdentity() method does not appear to be static, like the getUser() is.) and they seem to be planning to use it to add a getCurrentUser() method to several different types of classes. As far as usage, I've seen it used in a couple of very recent tutorials, but it wasn't the subject of them and didn't seem to do anything different than the User object.

After reading the SSO article, that does seem to be a likely justification. Perhaps, in the future, an active User would need to maintain awareness of multiple Identities ...

Anyway, thanks for the tip.

Please Log in or Create an account to join the conversation.

  • Posts: 132
  • Thank you received: 3
  • Hikashop Business
7 months 2 weeks ago #343671

Alright. In a way, we gave up on our logging out during checkout problem. When we finally managed to narrow down when it was happening, it pointed towards an old version of the STRIPE HikshopPayment plugin, so, rather than bang our heads against that wall, we upgraded to the current one in the Hikashop Market. There's still an issue, but we're not being logged out.

The issue was so bizarre, I will summarize it for you, but I have no more questions about that other than idle curiosity. Basically, a registered user would occasionally be forcibly logged out of Joomla during checkout. What we finally managed to find was a repeatable pattern to trigger it, yet it still makes no sense.

I put logging code into every OrderAPI method (inserted into our plugin) and PaymentAPI method (inserted into the old Stripe plugin) which would just record the trigger name and the User's ID at the beginning and end of each trigger method. What we learned was that the User remained logged in before the order creation, through the payment plugin initialization, but was forgotten before the payment plugin received notification, and remained logged out through to the thank you page. HERE'S THE REALLY WEIRD PART. The site worked in all browsers but Chrome, but it didn't always fail there. If we quit and restarted Chrome, logged in as our user and placed an order, it would log us out. If we logged in again, it would succeed from that point on for multiple orders, even if we logged out and in again. Even if we emptied the browser cache. But always on the first time through, after a fresh restart, Chrome would forget its logged in user during checkout 100% of the time, on PC and MAC, -- always right before the payment plugin handled a transaction notice, yet the order was being successfully confirmed. Since it always happened when the payment plugin was busy, we blame it - but I don't think I could program that behavior if I tried. So we updated the payment plugin.

That issue seems to be gone, but the payment plugin's still temperamental on my partner's Chrome browser for Windows 10 - it won't allow any credit card to be submitted, (valid or test value) and when it fails - there is no message, nothing in the debug log, and the cart gets deleted. (we even shut off ALL Chrome extensions). He's going to test from a different PC tonight.

Like I said, I have no questions right now, I'm just completely baffled by ALL of the weird errors we couldn't figure out. I'm switching back to problems I know I can solve for the night.

Please Log in or Create an account to join the conversation.

  • Posts: 78215
  • Thank you received: 12358
  • MODERATOR
7 months 2 weeks ago #343676

Hi,

By old Stripe, I suppose you're talking about this one:
github.com/HikaShop/hikashoppayment-stripe/
So I suppose that you mean that in onAfterOrderConfirm the user is logged in, but in onPaymentNotification the user isn't. I don't really see why that would be the case.
onAfterOrderConfirm is called just before the credit card form is displayed at the end of the checkout.
And onPaymentNotification is called just after you valid that form.
(I'm talking for this old Stripe payment plugin specifically here)
In between, there is only the user filling the credit card form, and some javacript code which doesn't have the ability to logout the user.
So there must be something to it. I think you were on the right track with the debugging, but it would probably require more debugging to find the problem.

But well, since you switch to another payment plugin and you don't have that problem anymore, I suppose we can close this case for now.

Please Log in or Create an account to join the conversation.

  • Posts: 132
  • Thank you received: 3
  • Hikashop Business
7 months 2 weeks ago #343693

So I suppose that you mean that in onAfterOrderConfirm the user is logged in, but in onPaymentNotification the user isn't. I don't really see why that would be the case.

Neither did I. So I gave up.

I agree, my part of this thread is played out. Thank you for all your insights.

Please Log in or Create an account to join the conversation.

Time to create page: 0.087 seconds
Powered by Kunena Forum