Hello @ddapparel
So PayPal is just spamming my database sessions table for reasons I’d like to know how to stop if possible.
PayPal Payments generally does not create any entries in this table.
The wp_woocommerce_sessions
table stores user session data for WooCommerce. Entries are created when a visitor starts a session on the site, typically by adding an item to the cart. This allows WooCommerce to track cart contents and other session-specific data even for users who aren’t logged in. When a website visitor has a product in the cart while the PayPal buttons are active, WooCommerce may store specific PayPal data in the session data it would be storing regardless.
Even disabling PayPal Payments plugin should also have no big impact on whether these session entries are created or not.
Kind regards,
Krystian
Hi @inpsydekrystian
Thing is, the records are empty as I posted. There is no cart data. Meaning, no one added anything to the cart – yet it’s still spamming my DB table. If it went with a cart, that would make sense.
Just since I posted this issue 2.5 days ago, that table has doubled and is now 27mb with over 14k rows: https://imgur.com/a/4SftBxh – give it a week and it will be 50mb and 30k rows. A month probably over 500mb and 300k rows. I modified my cart expiration so it expires after 30 days, not the standard 48 hours, so this will build for 30 days. And I A) can’t just delete them because then I clear everyone’s carts & B) that is just insane anyway – I don’t have time for that.
It says right in it ppcp and is related to paypal and this plugin. I had no issues until I added/enabled this plugin. I found the GitHub link here of someone else reporting the exact same issue: https://github.com/woocommerce/woocommerce-paypal-payments/issues/1564 – you and the “Niklas” person are saying disabling this plugin would still cause this issue? So WooCommerce now has FraudNet integrated automatically?
Is there a way to properly stop it from simply recording empty logs of this? It will make my database bloated for no reason and make it tougher to backup (and restore if necessary).
Thank you for your time.
Hello @ddapparel
We discussed this matter in our recent backlog meeting, and the issue has been forwarded to our developers for further analysis. We are currently awaiting a more detailed response from them. Once we have more information we will be sure to update you here promptly.
Should you have any further questions or require additional assistance in the meantime, please do not hesitate to get in touch.
Kind Regards,
Krystian
Hi @inpsydekrystian
Thank you for forwarding this issue. My database as I had mentioned will do, just keeps growing with the exact same rows as I posted in the OP. It is now up to 25k rows and 45mb: https://imgur.com/11yinmn – I’m on track to hit 50mb and 30k rows in 7 days as I mentioned previously. That is not good – that is larger than the rest of my database. Out of all those rows I probably have 15 actual carts. I can tell through a table (CSV) export.
I also have another site running (for 6 weeks now) with the latest WooCommere but this plugin is not installed. That one has 4 rows and each one is a legit cart. So something with this PayPal plugin is causing the “ppcp_fraudnet_session_id” spam.
So again it is much appreciated that this will be investigated. Oh and BTW I’m using:
WordPress: 6.4.3
WooCommerce: 8.6.1
WooCommerce PayPal Payments: 2.5.4
I should also mention I have had “FraudNet” unchecked in the settings.
Thank you.
Hello @ddapparel,
We’ve been unable to replicate the issue you’re facing. If you’re not using FraudNet, an alternative solution is to update the modules/ppcp-wc-gateway/src/FraudNet/FraudNetSessionId.php
file. Specifically, you should modify the __invoke()
method to:
public function __invoke() {
return '';
}
We can also offer a plugin package that includes this modification. After applying this change, any new sessions initiated by WooCommerce should no longer include references to FraudNet. If you continue to encounter excessive sessions, it appears they may not be related to PayPal Payments.
Please try this out and share your feedback with us.
Regards,
Krystian
Hi @inpsydekrystian
Thank you for that code info. I actually found that I needed to place another forward bracket ( “{” ) after the first one, otherwise it was saying there was an error a few rows down when editing using cPanel file editor. Other than that, it was fine.
So I have been checking the table over the past few days and it seems the “ppcp_fraudnet_session_id” parts of the entry are gone, so that code worked to stop that. Question: why if I have FraudNet disabled that it doesn’t do what the code does that you just gave me? If I have FraudNet disabled in admin, it should disable it in the same way.
But, it does seem like something else may indeed be the culprit – as you say you couldn’t replicate it and maybe it is something with my site because it still seems to be getting spammed with empty cart contents, but I don’t think as much – which is weird.
I’m going to be keeping an eye on the session_ID numbers instead of the amount of rows because now 30 days have past (since I changed the cart session length) so sessions are now also being removed (not just added).
I’ll report back with more findings. But thanks for that code so far, it might be helping to narrow this down.
I have the exact same issue.
Woocommerce_sessions table is flooded with PPCP_fraudnet_session_id rows, and FraudNet is not enabled in the Paypal settings. Grows by about a thousand rows per minute!
@inpsydekrystian
I’ve tried the posted method, but it seems that it has already been implemented in the latest version of the plugin – yet it’s still happening.
Why is Fraudnet seemingly active, when it’s turned off in the settings?
Deactivating the plugin dosen’t work either it just keeps growing and growing.
Wanted to report back, that in our case it was a couple of IP’s (traced to Alibaba Cloud HK) that just kept hammering the site with the following IP’s:
47.76.209.138
47.76.99.127
Blocking those two ip’s has returned things to normal; The row creation in woocommerce-sessions has slowed to a normal pace.
Hopefully that will help others to look into suspicious IP-acitivity.