Details
- Type: Bug
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 4.6.4
- Fix Version/s: Unscheduled
- Component/s: CiviEvent
- Labels: None
- Versioning Impact: Patch (backwards-compatible bug fixes)
- Documentation Required?: None
- Funding Source: Needs Funding
Description
On a secure site, when event registration forms are submitted, the redirect after the POST goes to a non-secure page. If a module/plugin is present that redirects the GET request for the confirmation to a secure page, a fatal error occurs (cannot find valid value for id).
We are experiencing this on WordPress, where we use the WordPress HTTPS module to set the container page as a "secure page" and "secure child page".
Two screenshots attached, which show the original request, and the redirected GET request for the confirmation page. You will see that all URL parameters are preserved.
This issue only affects events (not contribution pages). It may be easier to replicate when you're not logged in/in incognito. I believe what is happening is that the original response sets a cookie under http, but this cookie is no longer available in https. If this is the case, why is the qfKey parameter not pulling up the session/transaction? Perhaps that is a separate bug.
I believe this issue appeared in 4.6; I did not encounter this issue before the upgrade.
Possibly related to CRM-16516.