Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-16728

event registration fails (cannot find ID) on forms embedded in https pages

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 4.6.4
    • Fix Version/s: Unscheduled
    • Component/s: CiviEvent
    • Labels:
      None
    • Versioning Impact:
      Patch (backwards-compatible bug fixes)
    • Documentation Required?:
      None
    • Funding Source:
      Needs Funding

      Description

      On a secure site, when event registration forms are submitted, the redirect after the POST goes to a non-secure page. If a module/plugin is present that redirects the GET request for the confirmation to a secure page, a fatal error occurs (cannot find valid value for id).

      We are experiencing this on Wordpress, where we use the Wordpress HTTPS module to set the container page as a "secure page" and "secure child page".

      Two screenshots attached, which show the original request, and the redirected GET request for the confirmation page. You will see that all URL parameters are preserved.

      This issue only affects events (not contribution pages). It may be easier to replicate when you're not logged in/in incognito. I believe what is happening is that the original response sets a cookie under http, but this cookie is no longer available in https. If this is the case, why is the qfKey parameter not pulling up the session/transaction? Perhaps that is a separate bug.

      I believe this issue appeared in 4.6; I did not encounter this issue before the upgrade.

      Possibly related to CRM-16516.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              rares Rares P
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: