Random redirect to homepage with Magento

Posted on by

This issue has bobbed its head a few times in various different ways.

The example is that a user reaches checkout, my account or an equally session critical area, but instead of reaching the selected page, they are redirected to the homepage. This can be a conversion killer as usually the bug appears most notably on checkout.

There can be a few reasons for this, however, we have found the two most common are:

1. Missing Com.php class

This is very common and a peculiar “bug” as it isn’t in the strictest sense. The file is required by the Zend library, but isn’t present with Magento’s default installation. Thankfully, this is a quick fix.

Com.php should be in ./lib/Zend/Validate/Hostname/Com.php. You can easily create it by copying ./lib/Zend/Validate/Hostname/De.php to ./lib/Zend/Validate/Hostname/Com.php and editing the file contents, so the class name is:

class Zend_Validate_Hostname_Com implements Zend_Validate_Hostname_Interface

Or use the whole file contents shown here:

<?php

/**
 * Zend Framework
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://framework.zend.com/license/new-bsd
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@zend.com so we can send you a copy immediately.
 *
 * @category   Zend
 * @package    Zend_Validate
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 * @version    $Id: De.php 8064 2008-02-16 10:58:39Z thomas $
 */


/**
 * @see Zend_Validate_Hostname_Interface
 */
#require_once 'Zend/Validate/Hostname/Interface.php';


/**
 * @category   Zend
 * @package    Zend_Validate
 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 */
class Zend_Validate_Hostname_Com implements Zend_Validate_Hostname_Interface
{

    /**
     * Returns UTF-8 characters allowed in DNS hostnames for the specified Top-Level-Domain
     *
     * @see http://www.denic.de/en/domains/idns/liste.html Germany (.DE) alllowed characters
     * @return string
     */
    static function getCharacters()
    {
        return  'x{00E1}x{00E0}x{0103}x{00E2}x{00E5}x{00E4}x{00E3}x{0105}x{0101}x{00E6}x{0107}' .
                'x{0109}x{010D}x{010B}x{00E7}x{010F}x{0111}x{00E9}x{00E8}x{0115}x{00EA}x{011B}' .
                'x{00EB}x{0117}x{0119}x{0113}x{011F}x{011D}x{0121}x{0123}x{0125}x{0127}x{00ED}' .
                'x{00EC}x{012D}x{00EE}x{00EF}x{0129}x{012F}x{012B}x{0131}x{0135}x{0137}x{013A}' .
                'x{013E}x{013C}x{0142}x{0144}x{0148}x{00F1}x{0146}x{014B}x{00F3}x{00F2}x{014F}' .
                'x{00F4}x{00F6}x{0151}x{00F5}x{00F8}x{014D}x{0153}x{0138}x{0155}x{0159}x{0157}' .
                'x{015B}x{015D}x{0161}x{015F}x{0165}x{0163}x{0167}x{00FA}x{00F9}x{016D}x{00FB}' .
                'x{016F}x{00FC}x{0171}x{0169}x{0173}x{016B}x{0175}x{00FD}x{0177}x{00FF}x{017A}' .
                'x{017E}x{017C}x{00F0}x{00FE}';
    }

}

2. Session validation issues

This is a much easier fix and doesn’t require any file creation.

Log into your Magento admin and nagivigate to Admin > Configuration > Web > Session Validation Settings, drop the menu down next to Validate REMOTE_ADDR and select No.

validate

3. Missing template validation key after upgrade

This is not very common, but if you have been running a store for a while and choose to upgrade to 1.3 without updating your template, your code will be missing a vital line required for validation on any customer settings related pages (address addition, registration etc.).

Make sure the following code:

<?php echo $this->getBlockHtml('formkey')?>

Is in the following template files:

template/wishlist/sharing.phtml:<?php echo $this->getBlockHtml('formkey')?>
template/wishlist/view.phtml:    <?php echo $this->getBlockHtml('formkey')?>
template/customer/address/edit.phtml:    <?php echo $this->getBlockHtml('formkey')?>
template/customer/form/newsletter.phtml:        <?php echo $this->getBlockHtml('formkey')?>
template/customer/form/edit.phtml:    <?php echo $this->getBlockHtml('formkey')?>

4. Add to cart core fault

Source: Fix add to cart (redirect to homepage) bug

The fix for this bug that has reported some success is as follows:

In ./app/code/core/Mage/Checkout/Helper/Cart.php around line 59 change:

//$continueShoppingUrl = $currentCategory->getUrl();
$continueShoppingUrl = $this->_getRequest()->getRequestUri();

To:

$continueShoppingUrl = $currentCategory->getUrl();
//$continueShoppingUrl = $this->_getRequest()->getRequestUri();

5. Site has been hacked/hijacked

Source: http://www.sonassi.com/knowledge-base/magentowordpress-injection-vulnerability/

Although this is the least likely situation, it is becoming more and more apparent to those stores that are not hosted in a secure environment. The resolution is ideally to patch up all applications to the latest versions, perform strict, regular security audits and try to maintain a security level close to that of a low grade PCI compliance.

We are going to write a script, intended to run on a cron, to help stores detect this situation (however unlikely).

Magento Enterprise Solution Partner

Explore

Explore our world and see what we can do for you

Magento


Recent Blogs

  • http://criography.com criography

    This is really helpful! Cheers guys!

  • Pingback: Magento/Wordpress injection vulnerability | Manchester Magento web design, development, Magento hosting and aftercare :: sonassi

  • James

    Is #4 obselete? I see this line of code in Cart.php

    $continueShoppingUrl = $this->getCurrentUrl();

  • http://www.sonassi.com ben@sonassi.com

    Not obsolete, just not applicable in your case :)

  • German

    Hello, I followed your steps (I created the Com.php) but I still have the same error. In the cheqout porcess after filling the billing information, the system redirects to the cart page. I have the Magento V 1.3.2.4

    Any ideas ?
    Thank you. German

  • http://www.sonassi.com ben@sonassi.com

    H German,

    Did you try all 5 options?

  • German

    Hello. Thank you for your reply. In the 3 step, I have the getBlockHtml(‘formkey’)?> in these files.
    In step 4 I have the $continueShoppingUrl = $this->getCurrentUrl(); line in Cart.php, so I think it is ok.

    Step 1, yes I created the file Com.php as you told us. And in my configuration I have the Validate REMOTE_ADDR value set to NO.

    Thank you very much.
    German

  • CQ

    @German -

    We’re having the same issue with a client site. We’ve put all 5 of these options into place, and still have reports of redirects at the billing stage of checkout. We cannot repro. If anybody has any additional ideas, post! :)

    Great post, by the way.

  • Henrqiue

    Same here. =/

  • Henrique

    Guys. Here was the number of characters of the password that is in the etc/local.xml

  • David Correll

    Incredibly helpful post, I love that you didn’t stop at just 1 solution. Magento has so many quirks, it’s very blessed to have contributors like you.

    Thanks a mil.

  • Arun Kumar

    I had the same problem of redirecting to cart page without any errors, tried all the suggested solutions here and none of them worked, after some debugging we found that the issues was with mcrypt…. again this may not be a common reason but i could get this by looking into the server error log, there are not errors in the front end may be because of jquery but it was captured in the apache error log… may be helpful for others.

    cheers :-)

  • http://www.merch-bot.com/ Django

    I’m running 1.4.1.1 and none of these seem to apply to my installation.

    The com.php file in my zend library is totally different from yours, so I’m leery of copying over it.

    Has anyone else had this issue with 1.4.1.1 and not been able to solve it using the tips on this page?

  • http://www.sonassi.com ben@sonassi.com

    Just copy your version of de.php to com.php and change the class name.

  • job

    hi guys… unique error here; or at least i think so… I cannot get beyond loading customers details without being redirected to checkout/cart/ and i don’t have a de.php file. not sure how to proceed, any ideas?

  • Rajandanish

    Hello, I followed your steps still have error in the cheqout porcess after filling the billing information, the system redirects to the cart page. I have the Magento V 1.4.1.1, i have the Com.php file by default, the options are also as you mentioned, please tell me what i have to do further to fix this.

    Any help would be greatly appreciated.
    Thank you. Danish

  • Rajandanish

    @German,
    We have the same problem in case of multi site- multi domain with single checkout,
    Have you found any solution for this, my magento version is 1.4.0.1, please help me if have any solution.

    Thanks in advance,
    Danish

  • http://www.exanto.de Ingo
  • SittingBull

    I have also encountered a strange problem during checkout:

    Customer is not logged in. Customer buy a product and put it into the cart. When prompted for login the customer use ordinary login with username and password. When signed in the customer is directed directly to “My dashboard”. The checkout process is interrupted and customer has lost track of checkout. The buy process must start all over again. Instead of being directed to “My dashboard” the customer should just have continued and proceeded with the normal checkout procedure.

    This error exists only in Internet Explorer 8. In Firefox and Google Chrome everything work fine. The Magento version is 1.4.1.1. My developer is stuck on this problem. Do anyone of you have any thoughts what kind error this might be. Thankful for any inputs.

  • rahil

    Hi
    When i click on add to cart button from product detail page it gives me 500 Error. i m using magento enterprise ver 1.10.1.1

    any help would be appreciable ?

    Thanks

  • http://www.sonassi.com Benjamin

    You’re paying for Enterprise for a reason, contact your reseller.

    Otherwise, your issue is not related to the above and could be almost anything. If you are interested in a fix from ourselves, our emergency support should offer you a well-priced fix, see our aftercare options.

  • Paul Mallam

    You seem to have helped me resolve my issue at http://www.thermsaver.co.uk where I was getting the onepage showing a blank. I made a change to the Com.php file and that seemed to make the world of difference. Thank you very much :)

  • http://twitter.com/sparcksoft Kalen Jordan

    Hey thanks guys, this is a great reference. I have an issue which I think is related which is the issue where one customer sees another customer’s cart. This forum post goes into some detail but never really lands on any root causes:
    http://www.magentocommerce.com/boards/viewthread/225009/P15/

    Although they do also mention the Session Validation Settings as well.

    1. The Hostname_Com validation – I’m actually not seeing any references to that class name from within app/ in this 1.3.2.2. instance. Unless maybe the references to it don’t reference it by full class name. I’ll probably make that change for good measure, but would be good to know a little bit more about what’s going on here.

    2. It seems to me like one of the reasons that this can happen is when an ISP randomly changes their IP address for a user, for example, when they go from http to https during a checkout, and if REMOTE_ADDR is being validated, I can see why that would bounce them to a fresh session.

    4. Add To Cart Core Fault – Is this a fix for a symptom that occurs consistently or is this also in the randomly-occurs-with-some-production-customers category?

    Thanks again!