Difficulty: Easy
Modification: Store Configuration
Q:
I keep getting complaints from potential customers that they are unable to use magento’s checkout. Instead of going to checkout they are logged out of the system and their cart is emptied. Why is this happening? What can I do about that?
A:
The issue in this case is that magento validates user sessions using their IP addresses. Validating customer’s IP address fails miserably when the customer’s ISP uses a proxy for http connections (and it seems many ISPs do that, at least in the UK). The problem occurs when switching from http to https. When on http, the customer connects through a proxy, so the session is created with the proxy’s IP address. When the customer is redirected to https (eg. goes to checkout) the connection is direct and the proxy is bypassed. Now the customer is connecting from his own IP address and not through a proxy, so his IP has changed. Magento detects this and invalidates the session.
The fix is fairly simple. You have to change the Session Validation settings in the Magento Admin. To do that go to System > Configurations > Web and choose ‘no’ on every option. After doing this, go to System > Cache Management and refresh the configuration cache to apply the changes.
