Unable to retrieve admin session data when frontend URL != backend URL about magento_crossareasessions HOT 7 CLOSED

OK, I think I see the problem there.

Send for: every type of connexion
Send for: secured connexions only

You admin cookie was was on an HTTPS page, or with HTTPS settings. You're browsing the frontend on an HTTP connection. If you browse the frontend via HTTPS, you should be able to get the adminhtml session cookie.

Unfortunately, there's nothing on the PHP level we can do to work around this. This is a browser security feature -- the session information simply isn't available to grab because it doesn't get sent.

We developed this extension for "give admin users a different view of the store" features, so we could push the admin users through a workflow that forced them in HTTPS mode. That's what you'll need to do here.

If you can share what you're trying to use the extension for, we're happy to help brainstorm workarounds.

Hope that helps!

from magento_crossareasessions.

@digitalpianism You'll need to debug this one on your own -- no time here to recreate your enviornment. That said, my guess is different cookie domains prevent the extension from loading the session id here

https://github.com/astorm/Magento_CrossAreaSessions/blob/master/app/code/community/Pulsestorm/Crossareasession/Model/Manager.php#L23

I'll point folks at the issue via twitter to see if anyone can help. Thank you for the bug report though!

from magento_crossareasessions.

@astorm haven't been able to fix the issue even when changing the session cookie management in the backend.

I have both frontend and adminhtml cookies set on the same domain but the line you pointed out can't retrieve the corresponding cookie.

Example:

Frontend cookie:

2016-03-01T16:57:58+00:00 DEBUG (7): frontend
2016-03-01T16:57:58+00:00 DEBUG (7): kd115doeglkdptec9uqo3numi3
2016-03-01T16:57:58+00:00 DEBUG (7): 1456937878
2016-03-01T16:57:58+00:00 DEBUG (7): /
2016-03-01T16:57:58+00:00 DEBUG (7): .shop.com

Adminhtml cookie:

2016-03-01T16:57:44+00:00 DEBUG (7): adminhtml
2016-03-01T16:57:44+00:00 DEBUG (7): q4p2oehfg58g1p5cfgdhffus91
2016-03-01T16:57:44+00:00 DEBUG (7): 1456855064
2016-03-01T16:57:44+00:00 DEBUG (7): /
2016-03-01T16:57:44+00:00 DEBUG (7): .shop.com

Will try to spend more time on that problem later.

from magento_crossareasessions.

@digitalpianism Thanks for the feedback. Here's some other things to try/check.

Do both cookies show up in the Resources -> Cookies tab? What are their properties there?

If you load a test.php page do both cookies show up in the $_COOKIES? super global?

from magento_crossareasessions.

@astorm If I check my browser cookies when browsing the frontend, the adminhtml cookie is listed:

Frontend cookie:

• Name: frontend
• Content: p8fj7.....
• Domain: .shop.com
• Path: /
• Send for: every type of connexion
• Expires on: March 3rd 2016

Adminhtml cookie:

• Name: adminhtml
• Content: q4p2o....
• Domain: .shop.com
• Path: /
• Send for: secured connexions only
• Expires on: March 2nd 2016

When I use a test.php file with print_r($_COOKIE); I get the following:

Array
(
    [frontend] => p8fj78jd9a...
)

Could it be because adminhtml cookie is only for secured connexions only ?
I tried testing with test.php file with https but no luck.

from magento_crossareasessions.

@astorm after trying several different configuration (especially the admin custom domain) I managed to get that working thanks ;) great extension btw

from magento_crossareasessions.

@digitalpianism Glad it's working -- cookie domains and settings can be tricky! Closing this out, please reopen if there's something that still needs to be addressed.

from magento_crossareasessions.