Magento 1.8/1.9 + Turpentine empty cart issue | Plugin Company

This entry was posted on January 18, 2015 by Milan Simek.

Turpentine for Magento

Varnish and Magento overall work great together when using the Turpentine extension by Nexcess.
If you don't know about this excellent extension, check it out here.

Magento 1.8 and 1.9 empty cart issue

There is one issue though when using Turpentine with Magento 1.8+. Adding products to the cart won't work due to a form key issue. Form keys on the front-end have been added since Magento 1.8 to prevent XSS attacks.

The newest version of Turpentine mostly addresses this issue, but the issue still persists in the following scenario:

1. Open incognito tab (or visit website for the first time)
2. Add product to cart
3. The cart is empty

You can see that the form key in the form action and the form key hidden input don't have the same key on the first visit.

However, if you come from another page on the website, or refresh the page one time, the form key will be correct in both the URL and hidden input. It means that this issue only happens with new customers, clicking the add to cart button on the first page they land on.

The fix

EvrijnSD created a little module to fix the issue. Until the issue is completely fixed, you can use this workaround:

Fix:

Turpentine Formkey Workaround

Github issue thread

This entry was posted in Magento, Tips on January 18, 2015 by Milan Simek. ← Previous Post Next Post →

2 thoughts on “Magento 1.8/1.9 + Turpentine empty cart issue”

Nathan May 1, 2016 at 4:48 pm
This work around disables CSFR protection.
Reply ↓
Alex May 7, 2016 at 2:09 pm
Thanks for this fix. It saved my whole day of digging into the code
Reply ↓