Cookie nonce is invalid

  • Resolved Michael Sumner

    (@xmic)


    3 years ago

    Hello,

    The Cookie nonce appears to be invalid when as a guest user, it works when logged in. I wouldn’t assume it is to do with caching, as we have excluded this properly and checked with Siteground that it is an excluded URL and not cached at all.

    ### WordPress Installation ###

    Site Name: Aluna Healing
    Home URL: https://www.alunahealing.co.uk
    Site URL: https://www.alunahealing.co.uk
    SSL/HTTPS Enabled: Yes
    Version: 5.7
    Locale: en_US
    Multisite: No
    Permalinks: /%year%/%monthnum%/%day%/%postname%/
    WP Memory Limit: 128 MB
    WP Debug Mode: No
    Script Debug: No

    ### WP Simple Pay Lite Settings ###

    WP Simple Pay Lite Lite Version: 2.6.1
    Stripe TLS: TLS 1.2 is supported. No action required.
    Simple Pay Test or Live Mode: Live Mode
    reCAPTCHA: No
    Rate Limit File: Yes

    ### Active Theme ###

    Theme: Betheme – 21.4.5
    Child Theme: No
    Parent Theme: –

    ### Active Plugins ###

    Auto Cloudinary: 1.2.3
    Yoast Duplicate Post: 4.1.2
    Yoast SEO: 16.0.2
    Slider Revolution: 6.4.0
    WP Downgrade | Specific Core Version: 1.2.2
    MC4WP: Mailchimp for WordPress: 4.8.3
    NextGEN Gallery: 3.9.0
    WP Simple Pay Lite: 2.6.1
    WooCommerce Stripe Gateway: 5.0.0
    Page Animations And Transitions: 2.3.0
    Classic Editor: 1.6
    WooCommerce PayPal Checkout Gateway: 2.1.1
    WooCommerce Square: 2.4.0
    WooCommerce: 5.1.0
    WooCommerce Shipping & Tax: 1.25.10
    SG Optimizer: 5.7.19
    Accept Stripe Payments: 2.0.44
    Redirection: 5.0.1
    Really Simple SSL: 4.0.13
    WP Stripe Checkout: 1.1.7
    Mailchimp for WooCommerce: 2.5.1
    Jetpack by WordPress.com: 9.5
    WooCommerce Admin: 2.1.3
    Formidable Forms: 4.10
    Contact Form 7: 5.4
    Photo Gallery: 1.5.70
    WooCommerce PDF Invoices & Packing Slips: 2.8.2
    Events Manager: 5.9.11.3
    Force Regenerate Thumbnails: 2.0.6

    ### Server Environment ###

    Web Server: Apache
    PHP Version: 7.3.27
    MySQL Version: 5.7.32-35-log
    Server Timezone: UTC
    Display Errors: Yes
    Server PHP Memory Limit: 768M
    Upload Max Filesize: 256M
    Post Max Size: 256M
    Max Execution Time: 300
    Max Input Vars: 5000
    cURL Enabled: Yes
    cURL Version: 7.66.0
    OpenSSL/1.1.1g-fips
    mbstring (Multibyte String) Enabled: Yes
    fsockopen: Yes
    SOAP: Yes
    SUHOSIN: No
    WP Remote POST: Yes
    WP Remote GET: Yes

    ### Client Information ###

    IP Address: 35.214.0.243
    Browser: Chrome 89.0.4389.90 (Apple)

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Adam Lea

    (@adamjlea)

    3 years ago

    Hello @xmic,

    It’s very likely still a cache issue. It’s possible that it’s not caching new values, but the old cache was never purged.

    So it sounds like you’ve got all the settings correct, etc., but please ensure that you’ve actually purged any old SG Optimizer caches.

    Regards,

    Thread Starter Michael Sumner

    (@xmic)

    3 years ago

    Hi @adamjlea

    Thank you, it appears that the cookie issue is coming from the plugin WooCommerce PayPal Checkout Gateway (disabling this gets the /stripe/ plugin working).

    Anything worth doing, or I reckon the best solution would be to exclude the WooCommerce PayPal Checkout Gateway from running on particular pages?

    Kind regards,
    Michael

    Thread Starter Michael Sumner

    (@xmic)

    3 years ago

    In particular, it’s this bit of code from the other plugin:

    
/**
	 * Creates a customer session if one is not already active.
	 */
	public function ensure_session() {
		// TODO: this tries to replicate Woo core functionality of checking for frontend requests.
		// It can be removed once we drop support for pre-3.5 versions.
		$frontend = ( ! is_admin() || defined( 'DOING_AJAX' ) ) && ! defined( 'DOING_CRON' ) && ! defined( 'REST_REQUEST' );

		if ( ! $frontend ) {
			return;
		}

		if ( ! empty( WC()->session ) && ! WC()->session->has_session() ) {
			WC()->session->set_customer_session_cookie( true );
		}
	}
    Plugin Author Spencer Finnell

    (@spencerfinnell)

    3 years ago

    Hello @xmic,

    Great find, and you are indeed on the right track as to another cause of the “cookie nonce invalid” issue that we recently found. WooCommerce was taking over API requests incorrectly: https://github.com/woocommerce/woocommerce/issues/23682

    This has been resolved, but unreleased, here: https://github.com/woocommerce/woocommerce/pull/29542

    A slightly modified code snippet from this comment should work for you: https://github.com/woocommerce/woocommerce/issues/23682#issuecomment-667311217

    https://gist.githubusercontent.com/spencerfinnell/eb158d2145f2a64e61d46c6c5e5bd503/raw/7bde7f2ee7b57f3fc3895e90af8ec57e3d1c64c0/functions.php

    You should be able to remove this once WooCommerce 5.3 is released.

    Please let me know if you have any further questions.

    Thread Starter Michael Sumner

    (@xmic)

    3 years ago

    Hi @spencerfinnell

    That’s brilliant thank you for sharing this added insight! Good thing it’s also quite timely in release dates, and PS finally the 2019 issue will be resolved.

    Happy contributing 🙂

    Kind regards,
    Michael

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Cookie nonce is invalid’ is closed to new replies.