rlopez397954  
#1 Posted : Tuesday, August 30, 2022 5:56:12 PM(UTC)
I happened to stumble across this problem, which is really a bad bug with Able 9.0.6. I believe it has to do with the shipping estimator in the back end admin when using POS and front end as you are also logged into CMS. This happens on a live site and I also validated it on our test site. Here are the steps to reproduce this issue listed below.

1. Logged into admin and processing an order in POS (real time).

2. When you get to the order screen for order options allowing you to choose shipping options, I found that the shipping options price was different from the front end.

3. Open another tab in your browser and go to the home page and add a product to your cart and then check shipping options to see if prices match. Remember (CMS button On/Off) should be visible at this point.

4. Back on the admin side, click the refresh button in your browser and see what happens. I did this because the shipping costs were different. The screen appears to show code being executed in a loop real time line by line and the screen blows up below.

At this point I just logged out of admin and closed my browser out (Firefox); I have not tested with Chrome or Edge. When I logged back in I did have an exception thrown in my Warning box. See below error which clearly shows shipping estimator had failed based on user's XX vs user logged in.

Quote:
An error has occurred at https://XXXXXXX.com/Chec...t/BasketShippingEstimate
Error


"Exception: The provided anti-forgery token was meant for user """", but the current user is ""XXXXXXXXXX.com"".
Stack Trace: at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c.<.cctor>b__15_0(IAsyncResult asyncResult, Action action)
at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
"



I also have pictures as well as a quick video of the code executing on the admin back end I can post in case you cannot reproduce this. It has never been apparent that the cookie and cache settings are this sticky in Able 9 as I had never seen this in Gold 12 latest version. Anyway, please take a look and any feedback would be great.

Ricky


shaharyar  
#2 Posted : Wednesday, August 31, 2022 1:53:58 AM(UTC)
I am not able to reproduce the issue following the steps mentioned.

The exception message seems related to the form post request being sent after the session is expired or the user is somehow logged out.

There is a related issue when the Zapier plugin is installed and the user account for admin is the same associated with Zapier. Can you please confirm?

Also please share more details so that we could reproduce the issue. A video will be helpful.

Thanks
shaharyar  
#3 Posted : Wednesday, August 31, 2022 2:34:27 AM(UTC)
Quote:
An error has occurred at https://XXXXXXX.com/Chec...t/BasketShippingEstimate
Error


"Exception: The provided anti-forgery token was meant for user """", but the current user is ""XXXXXXXXXX.com"".
Stack Trace: at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c.<.cctor>b__15_0(IAsyncResult asyncResult, Action action)
at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult)
at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
"


I am able to reproduce the exception if I use the basket page to Calculate Shipping Estimate in the following case:

1- Log in with an admin user A and visit the basket page, calculate shipping from the Shipping Estimate widget.
2- Now from a new tab, sign out and log in with a user B.
3- Go to the same page and without reloading use the Shipping Estimate widget to calculate shipping.

This time nothing happens on the screen and if you go to error logs you can see the same exception.
This is happening because of the Anti-Forgery Token being used by MVC to prevent CSRF attacks.
https://docs.microsoft.c...est-forgery-csrf-attacks
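
The check described in post #3, as an added example that is not part of the original thread and is neither AbleCommerce nor ASP.NET code: a simplified Python model of a form token bound to both the browser's cookie token and the user name at render time. The key, function names, the first three error strings and `admin@example.test` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: stands in for the server's signing key

class AntiForgeryError(Exception):
    pass

def _tag(cookie_token, username):
    msg = f"{cookie_token}|{username}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_tokens(username, cookie_token=None):
    """Page render: keep the browser's cookie token, bind the form token to the user."""
    cookie_token = cookie_token or secrets.token_hex(16)
    return cookie_token, f"{cookie_token}|{username}|{_tag(cookie_token, username)}"

def validate(cookie_token, field_token, current_user):
    """Form post: check integrity, cookie pairing, then the user binding."""
    try:
        session_part, rest = field_token.split("|", 1)
        token_user, tag = rest.rsplit("|", 1)
    except ValueError:
        raise AntiForgeryError("Malformed anti-forgery token.")
    if not hmac.compare_digest(tag.encode(), _tag(session_part, token_user).encode()):
        raise AntiForgeryError("Anti-forgery token failed integrity check.")
    if not hmac.compare_digest(session_part.encode(), cookie_token.encode()):
        raise AntiForgeryError("Cookie token and form token do not match.")
    if token_user != current_user:
        raise AntiForgeryError(
            f'The provided anti-forgery token was meant for user "{token_user}", '
            f'but the current user is "{current_user}".')

def stale_tab_scenario(current_user="admin@example.test"):
    # Tab 1: anonymous visitor loads the basket page; the form token is bound to "".
    cookie, stale_form = issue_tokens("")
    # Tab 2 (same browser, same cookies) signs in, then tab 1 posts without reloading.
    try:
        validate(cookie, stale_form, current_user)
        stale_error = None
    except AntiForgeryError as exc:
        stale_error = str(exc)
    # Reloading tab 1 re-renders the form for the signed-in user, so the post passes.
    _, fresh_form = issue_tokens(current_user, cookie)
    validate(cookie, fresh_form, current_user)
    return stale_error

if __name__ == "__main__":
    print(stale_tab_scenario())
```

The rejected post is the protection working as designed: a form rendered for one identity is refused once the browser's identity changes, and a reload of the stale tab clears it.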
rlopez397954  
#4 Posted : Wednesday, August 31, 2022 9:19:30 AM(UTC)
Hi Shaharyar,

To answer your question: we do not have the Zapier widget active as we do not use this app.

Here is a pic of a screen shot showing the admin side of the page blowing up after I refreshed the page in the browser from the admin side. I have a quick video, however, I cannot upload it for viewing.

[Attachment: screenshotable9.jpg]

shaharyar  
#5 Posted : Thursday, September 1, 2022 5:12:09 AM(UTC)
Sorry but I am not able to reproduce the issue.

Were you able to reliably reproduce the issue following the steps you mentioned?

If you share the detailed steps to reproduce the issue or if you could manage to share the video.
Thanks
rlopez397954  
#6 Posted : Thursday, September 1, 2022 12:13:38 PM(UTC)
Shaharyar,

Just getting back to this.

As of today I cannot reproduce the issue as well. But here are the steps once again that I ran when this issue appeared on the Admin side.

1. Looking up parts and shipping cost for a client over the phone. (I'm not logged in and should be an anonymous user to the front end of the website.)

2. I opened another tab in my browser (Firefox) and logged into Admin to place an order via POS. (I'm an Admin Super User.)

3. Go to Manage>Orders>Create Order.

4. I'm now at the find customer screen and I tick next as this is a new customer order. Then I get to create order and I look up the parts and add them to the new order. I'm now at create order for new customer and I tick next.

5. I'm now at the billing address screen and input all of the billing information.

6. After ticking next I get to the order options screen and choose the shipping options drop down. (This is where I found the shipping options given did not match the shipping estimator options in the front end.)

7. I tick my tab on the browser and go back to the front end and see the shipping costs are actually higher. I then tick back on the browser tab to the Admin order screen. This is when I did a refresh on the browser itself to see if the shipping options cost would match. The page then blows up and it starts running input script telling me what inputs need to be made for the billing address screen. You can see this from the pic I uploaded to you for viewing. I have a video in MP4 but cannot upload here in these blogs. I will be happy to send to someone if needed; PM me an email address.

8. At this point I logged out of the admin and closed my browser out completely. I went over to our testing environment and was able to reproduce this issue time and time again.

I have checked all logs server side and no crash logs found in IIS and no crash logs found in the Admin data logs folder of our production and test site. If there is another place Able 9 has for logs other than the Admin Data folder please advise and I will check or set up if needed.

These were the exact steps used when this issue happened. This was the only time as well in the production site where it threw the exception I listed earlier.

Thanks for your feedback and I will post back if I can reproduce this issue again with logging.

Ricky


shaharyar  
#7 Posted : Friday, September 2, 2022 4:23:33 AM(UTC)
Thanks for sharing the details. I will try to reproduce the issue once again.
Katie S  
#8 Posted : Friday, September 2, 2022 1:09:15 PM(UTC)
I also followed your steps to reproduce and couldn't do so.

I tested placing a new order from the admin with both a registered user and also with a new user. Refreshed the page where shipping methods are selected and it worked without error.

A couple things to note:

The retail side shipping estimator only has information for the state and zip code. It doesn't have the full details of the address, and whether it's a business or residential address, which can also change the rate.

When you are using the same browser and opening different tabs, the session should be retained in the new tab. At least for me, that's what happens. I can open a new tab and already be logged in.

If you want to work on both retail and admin sides simultaneously (as admin and anonymous user), you'll need to use different browsers.

Hope this helps
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
ray22901031  
#9 Posted : Friday, September 2, 2022 1:17:10 PM(UTC)
You could also hold down the shift key and reopen the same browser, but it would be treated as a different session ID. My understanding is that you are correct regarding the tabs, if it's within the same browser window, it will share the session ID.

I'm still a little confused why you would work on the same order at the same time in both the front end and the backend. It is also worth noting that I seriously doubt if insurance or shipping padding would be the same in the front end, until you get to the checkout area, where your UPS account and negotiated rates would kick in.

Just my thoughts.
-Ray
rlopez397954  
#10 Posted : Saturday, September 3, 2022 12:57:47 PM(UTC)
Thank you all for trying to reproduce this issue I ran into.

As of today I have now been able to reproduce this issue again. There are two items I left out with the last post regarding my process steps listed above.

1. Make sure you have the client checked off for a new user registration and checked for reset password when they log in. (I used 123456)

2. Choose a shipping option.

Once again I'm able to reproduce this issue as of today.

To Ray, this is not our procedure. The only reason I caught this was the shipping cost did not match what the front end shipping estimator was showing. This is what caused me to refresh the browser in the back end. We know that shipping is only an estimate, but in this case it was almost $29.00 cheaper on the admin side and once again this is why I happened to do a refresh.

I believe that something is happening between the new user and the logged in user. I also cannot seem to find any logging of this since it appears not to fail. Once again if there is a way to try and log this please help, I'm very junior on the back end.

Last, I did take another video that I can send again if needed.

Your feedback has been great!

Once again thank you.

Ricky
Katie S  
#11 Posted : Monday, September 5, 2022 6:37:04 PM(UTC)
I have spent quite a bit of time trying to reproduce the issue, still with no luck.

I have tried using a Jr. Admin account, and made sure that a new customer account/pw was being created during the process. I also tried going to the payment page, and then back to shipping. In this case the user is created (this part is now hidden on screen) and I can still refresh the page to get shipping rates.

I'm not sure what else to try...this is an odd issue to report.
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
rlopez397954  
#12 Posted : Wednesday, September 7, 2022 5:03:25 PM(UTC)
Katie, thank you for your efforts. I do want to add that I did notice as well that the register user did disappear after refreshing several times.

With that being said I still can reproduce this behavior as explained above. I also want to note that I have no customization to any of the admin side POS pages for processing an order. Now after some hard thinking, I did make a change prior to this happening. I removed the require captcha from the admins only because logging in and out is cumbersome as an admin user. You could also try this as well.

Now whether this may be the cause or not I don't know; as I stated above, I came across this by mistake due to the shipping charges not matching, which caused me to refresh on the admin side.


Thanks again for your help.