Random redirect to homepage with Magento

This issue has bobbed its head a few times in various different ways.

The example is that a user reaches checkout, my account or an equally session critical area, but instead of reaching the selected page, they are redirected to the homepage. This can be a conversion killer as usually the bug appears most notably on checkout.

There can be a few reasons for this, however, we have found the two most common are:

1. Missing Com.php class

This is very common and a peculiar "bug" as it isn't in the strictest sense. The file is required by the Zend library, but isn't present with Magento's default installation. Thankfully, this is a quick fix.

Com.php should be in ./lib/Zend/Validate/Hostname/Com.php. You can easily create it by copying ./lib/Zend/Validate/Hostname/De.php to ./lib/Zend/Validate/Hostname/Com.php and editing the file contents, so the class name is:

class Zend_Validate_Hostname_Com implements Zend_Validate_Hostname_Interface

Or use the whole file contents shown here:



  • Zend Framework
  • This source file is subject to the new BSD license that is bundled
  • with this package in the file LICENSE.txt.
  • It is also available through the world-wide-web at this URL:
  • https://framework.zend.com/license/new-bsd
  • If you did not receive a copy of the license and are unable to
  • obtain it through the world-wide-web, please send an email
  • to license@zend.com so we can send you a copy immediately.
  • @category Zend
  • @package Zend_Validate
  • @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (https://www.zend.com)
  • @license https://framework.zend.com/license/new-bsd New BSD License
  • @version $Id: De.php 8064 2008-02-16 10:58:39Z thomas $ */


  • @see Zend_Validate_Hostname_Interface */

    require_once 'Zend/Validate/Hostname/Interface.php';


  • @category Zend
  • @package Zend_Validate
  • @copyright Copyright (c) 2005-2008 Zend Technologies USA Inc. (https://www.zend.com)
  • @license https://framework.zend.com/license/new-bsd New BSD License */ class Zend_Validate_Hostname_Com implements Zend_Validate_Hostname_Interface {


    • Returns UTF-8 characters allowed in DNS hostnames for the specified Top-Level-Domain
    • @see https://www.denic.de/en/domains/idns/liste.html Germany (.DE) alllowed characters
    • @return string */ static function getCharacters() { return 'x{00E1}x{00E0}x{0103}x{00E2}x{00E5}x{00E4}x{00E3}x{0105}x{0101}x{00E6}x{0107}' . 'x{0109}x{010D}x{010B}x{00E7}x{010F}x{0111}x{00E9}x{00E8}x{0115}x{00EA}x{011B}' . 'x{00EB}x{0117}x{0119}x{0113}x{011F}x{011D}x{0121}x{0123}x{0125}x{0127}x{00ED}' . 'x{00EC}x{012D}x{00EE}x{00EF}x{0129}x{012F}x{012B}x{0131}x{0135}x{0137}x{013A}' . 'x{013E}x{013C}x{0142}x{0144}x{0148}x{00F1}x{0146}x{014B}x{00F3}x{00F2}x{014F}' . 'x{00F4}x{00F6}x{0151}x{00F5}x{00F8}x{014D}x{0153}x{0138}x{0155}x{0159}x{0157}' . 'x{015B}x{015D}x{0161}x{015F}x{0165}x{0163}x{0167}x{00FA}x{00F9}x{016D}x{00FB}' . 'x{016F}x{00FC}x{0171}x{0169}x{0173}x{016B}x{0175}x{00FD}x{0177}x{00FF}x{017A}' . 'x{017E}x{017C}x{00F0}x{00FE}'; }


2. Session validation issues

This is a much easier fix and doesn't require any file creation.

Log into your Magento admin and nagivigate to Admin > Configuration > Web > Session Validation Settings, drop the menu down next to Validate REMOTE_ADDR and select No.


3. Missing template validation key after upgrade

This is not very common, but if you have been running a store for a while and choose to upgrade to 1.3 without updating your template, your code will be missing a vital line required for validation on any customer settings related pages (address addition, registration etc.).

Make sure the following code:

<?php echo $this->getBlockHtml('formkey')?>

Is in the following template files:

template/wishlist/sharing.phtml:<?php echo $this->getBlockHtml('formkey')?>
template/wishlist/view.phtml:    <?php echo $this->getBlockHtml('formkey')?>
template/customer/address/edit.phtml:    <?php echo $this->getBlockHtml('formkey')?>
template/customer/form/newsletter.phtml:        <?php echo $this->getBlockHtml('formkey')?>
template/customer/form/edit.phtml:    <?php echo $this->getBlockHtml('formkey')?>

4. Add to cart core fault

Source: Fix add to cart (redirect to homepage) bug

The fix for this bug that has reported some success is as follows:

In ./app/code/core/Mage/Checkout/Helper/Cart.php around line 59 change:

//$continueShoppingUrl = $currentCategory->getUrl();
$continueShoppingUrl = $this->_getRequest()->getRequestUri();


$continueShoppingUrl = $currentCategory->getUrl();
//$continueShoppingUrl = $this->_getRequest()->getRequestUri();

5. Site has been hacked/hijacked

Source: https://www.sonassi.com/knowledge-base/magentowordpress-injection-vulnerability/

Although this is the least likely situation, it is becoming more and more apparent to those stores that are not hosted in a secure environment. The resolution is ideally to patch up all applications to the latest versions, perform strict, regular security audits and try to maintain a security level close to that of a low grade PCI compliance.

We are going to write a script, intended to run on a cron, to help stores detect this situation (however unlikely).