Checkout success page immediately forwarded to cart page

When testing my site I have found that the checkout process with Paypal works sometimes well, sometimes not.

If it works not the problem is if a user confirms an order on the confirm page he is redirected to the cart page. The order is successfully placed and appears in the database - the URL of the checkout success page shows up for a second BUT is forwarded immediately to the cart page.

As I said this problem shows up only sometimes -
other times it works just fine.

The problem seems particularly to show up on Windows using Firefox.
On a Mac using Safari and Firefox I didn't had this problem.

Here is the php code of my pp_checkout_success page.
If someone could detect that issue, I would happy to know!
Thanks!

Top of page:

<?php
//WA eCart Include
require_once("../../WA_eCart/eCart_en_PHP.php");
?>
<?php require_once('../../Connections/mysql_--removed--.php'); ?>
<?php
$eCart_en->GetContent();
?>
<?php
require_once("../../WA_eCart/PP_ECO_Scripts/PP_ECO_PHP.php");
?>
<?php require_once( "../../WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
$WA_PP_ECO_GetResult = WA_PP_ECO_SOAPObject();
if ((isset($_GET["token"]) && isset($_GET["PayerID"])) || (isset($_SESSION["PayPal_ECO_Token"]) && $_SESSION["PayPal_ECO_Token"] != "")) {
$WA_PP_ECO_GetResult = WA_PP_ECO_Get_Post("--removed--", "--removed--", "--removed--", false);
}
?>
<?php
if (!WA_Auth_RulePasses("Logged in to users")){
WA_Auth_RestrictAccess("users_LogIn.php");
}

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$colname_pp_check_succ_users = "-1";
if (isset($_SESSION['UserID'])) {
$colname_pp_check_succ_users = (get_magic_quotes_gpc()) ? $_SESSION['UserID'] : addslashes($_SESSION['UserID']);
}
mysql_select_db($database_mysql_--removed--, $mysql_--removed--);
$query_pp_check_succ_users = sprintf("SELECT * FROM users WHERE UserID = %s", GetSQLValueString($colname_pp_check_succ_users, "int"));
$pp_check_succ_users = mysql_query($query_pp_check_succ_users, $mysql_--removed--) or die(mysql_error());
$row_pp_check_succ_users = mysql_fetch_assoc($pp_check_succ_users);
$totalRows_pp_check_succ_users = mysql_num_rows($pp_check_succ_users);

$paramUserID_rsDownloadCount = "-1";
if (isset($_SESSION['UserID'])) {
$paramUserID_rsDownloadCount = (get_magic_quotes_gpc()) ? $_SESSION['UserID'] : addslashes($_SESSION['UserID']);
}
mysql_select_db($database_mysql_--removed--, $mysql_--removed--);
$query_rsDownloadCount = sprintf("SELECT COUNT(products.ProductLocation) AS DownloadCount FROM orders INNER JOIN orderdetails on orders.OrderID = orderdetails.DetailOrderID INNER JOIN products on orderdetails.DetailProductID = products.ProductID WHERE orders.OrderUserID = %s", GetSQLValueString($paramUserID_rsDownloadCount, "int"));
$rsDownloadCount = mysql_query($query_rsDownloadCount, $mysql_--removed--) or die(mysql_error());
$row_rsDownloadCount = mysql_fetch_assoc($rsDownloadCount);
$totalRows_rsDownloadCount = mysql_num_rows($rsDownloadCount);
?>
<?php
if ($eCart_en->IsEmpty()) {
$eCart_en->redirStr = "cart_en.php";
$eCart_en->cartAction = "RedirectIfEmpty";
}
?>
<?php
// WA eCart Redirect
if ($eCart_en->redirStr != "") {
header("Location: ".$eCart_en->redirStr);
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


Bottom of page:

<?php
mysql_free_result($pp_check_succ_users);

mysql_free_result($rsDownloadCount);
?>
<!-- CLEAR CART SESSIONS -->
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();

//store the user session
$userSession = $_SESSION['UserID'];

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}

// Finally, destroy the session.
session_destroy();
unset($_SESSION);
@session_start();
@session_regenerate_id();


//reset user session
$_SESSION['UserID'] = $userSession;
?>

When it goes to the cart page, does it show the cart as being empty?

Usually when this happens it a problem with domain switching and sessions.

what i mean is changing from using www in the address to not using www

take not of the domain in the address bar when you see this happen.

If you access the site using:
www.mydomain.com

add some items to the cart and view the cart at:
cart.php


then take the www out of the address:
cart.php


you will see what i mean.

A different session cookie is created for www.mydomain.com and another for mydomain.com

they way to get around this is to force all traffic to go to www.mydomain.com using an htaccess rule:
force-www-htaccess.html

Thanks, Jason!

But the cart page is not empty! It shows the item that was in the cart before checkout. In other words the item that was ordered.

If I then reload the page then it is empty!!

Does that make a difference or should I go ahead with what you suggested ?


---
If so, I would have a further question:

We have a following tree on our server:

- root folder with domain: www.our_server_domain.com
--- site folder with domain: www.our_website.com
--- WA-folders

Where should I put the .htaccess file?

In the server root (but I guess that can't work because of the different domain) ?

Or in the site folder (connected to the domain www.our_website.com) ?

But in this case the WA Folders would be outside!
Would that be a problem?

Thanks!

send a copy of the cart page please.

This is the German cart page ...

ok, well that makes a bit more sense, you did not include info that you had two different carts...


the success page only has the english cart page attached to it.

it also has this code to check if the cart is empty:
<?php
if ($eCart_en->IsEmpty()) {
$eCart_en->redirStr = "cart_en.php";
$eCart_en->cartAction = "RedirectIfEmpty";
}
?>
<?php
// WA eCart Redirect
if ($eCart_en->redirStr != "") {
header("Location: ".$eCart_en->redirStr);
}
?>

if the german cart is populated, this success page will direct to the english cart page because the english cart will be empty.

Sorry, I probably created confusion posting to you the german card and forgot that I posted before the englich success page ...

But I have two success pages, one german page and one english page and the connection (and redirection) between the pages should be correct (hopefully!).

(I have created two whole different sets of checkout pages.)

Also, like I said, sometimes (or rather most times or in most browsers) it works well !!
Just in the Windows/Firefox combination I get the success page immediately forwarded to the card page.

I attache the german success page.
Btw why and when should the success page redirect to the card page?

Thanks for looking into this!!

i only see code on your pages to redirect to the cart page if the cart is empty:

?>
<?php
if ($eCart_de->IsEmpty()) {
$eCart_de->redirStr = "cart_de.php";
$eCart_de->cartAction = "RedirectIfEmpty";
}
?>
<?php
// WA eCart Redirect
if ($eCart_de->redirStr != "") {
header("Location: ".$eCart_de->redirStr);
}
?>

like i sugested before, make not of the domain in the address bar when it redirects to the cart page to make sure that the issue is not being caused by domain switching.

I watched the address when it redirects.

It seems to be still a www. address ...

I don't see that the www is changing or not more there.

I have created a support ticket so we can look into this issue further.

To view and edit your support ticket, please log into your support history:
supporthistory.php