Page MenuHomePhabricator

PayPal EC dead session error
Closed, ResolvedPublic2 Story Points

Description

Users are rarely, but at rates enough to be significant, getting sent to the FailPage for dead sessions. There seem to be two cases where this happens.

One, the user actually does come back with no session data, so we don't know who they are or what they were doing. Not much data logged here, but it has happened on two different browsers.

Two, the user makes a successful donation and the donor data gets cleared out of the session, then it appears we try to send another request to paypal, but since we've cleared the donor data, it looks to us like a dead session, even though they do have an active session, just without donor data.

Details

Related Gerrit Patches:
mediawiki/extensions/DonationInterface : masterPayPal dead sessions: show thank you page
mediawiki/extensions/DonationInterface : masterStandardize pending queue message and logging in API
mediawiki/extensions/DonationInterface : masterLeave form disabled while redirecting to PayPal EC
mediawiki/extensions/DonationInterface : masterWIP recover from dead sessions via EC token
mediawiki/extensions/DonationInterface : masterCommon setup for donation API tests, add one for PayPal EC
mediawiki/extensions/DonationInterface : masterPayPal EC: use ajax to get redirect URL

Event Timeline

XenoRyet created this task.Jun 14 2017, 8:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2017, 8:32 PM
Ejegg claimed this task.Jul 12 2017, 4:02 PM
Ejegg triaged this task as High priority.
Ejegg moved this task from Backlog to Doing on the Fundraising Sprint Murphy's Lawyer board.
Ejegg set the point value for this task to 2.

Change 364794 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] WIP recover from dead sessions via EC token

https://gerrit.wikimedia.org/r/364794

Ejegg added a comment.Jul 12 2017, 6:45 PM

For paypal, the donor only hits our server once (as long as they have country/currency/amount in the URL). Our response has both a 'location' header and a 'set-cookie' header. Maybe some browsers are neglecting to set the cookie before redirecting?

If that's the problem, we might fix the issue by responding with a page showing the spinner and making an ajax call to get the token, then redirecting in javascript. The browser would have to store the cookie and send it back with the AJAX request in order to get to PayPal.

Change 364825 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] PayPal EC: use ajax to get redirect URL

https://gerrit.wikimedia.org/r/364825

Change 364825 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] PayPal EC: use ajax to get redirect URL

https://gerrit.wikimedia.org/r/364825

Change 365630 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] Common setup for donation API tests, add one for PayPal EC

https://gerrit.wikimedia.org/r/365630

Change 365648 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] Disable form while redirecting to PayPal

https://gerrit.wikimedia.org/r/365648

Change 365630 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Common setup for donation API tests, add one for PayPal EC

https://gerrit.wikimedia.org/r/365630

Change 364794 abandoned by Ejegg:
WIP recover from dead sessions via EC token

Reason:
Going with an AJAX version of the redirect instead

https://gerrit.wikimedia.org/r/364794

Change 365648 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Leave form disabled while redirecting to PayPal EC

https://gerrit.wikimedia.org/r/365648

Change 366159 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] Standardize pending queue message and logging in API

https://gerrit.wikimedia.org/r/366159

Change 366159 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Standardize pending queue message and logging in API

https://gerrit.wikimedia.org/r/366159

mepps added a subscriber: mepps.Jul 27 2017, 7:36 PM

One short term fix is to add different error messaging when no active donation is found. That way the donor doesn't see "Your donation could not go through" even when it did.

Ejegg added a comment.EditedJul 28 2017, 10:25 PM

Some stats from the test of 2017-07-27:

Total number of PayPal EC order IDs: 10,238
Number of affected PayPal EC order IDs: 32 (0.31%)
Due to returning >1 hour after redirect: 2
Due to reloading resultswitcher after first attempt correctly processed donation: 3
Of remaining 27, 5 had BitdefenderSafepay in their User-Agent header
If Safepay is messing them up, that leaves 22 (0.21%) unexplained

All returned to the same payments server as they left

Compared with GlobalCollect:

Total number of GlobalCollect order IDs: 4,577
Number returning with a dead session: 8 (0.17%)
All returned within the hour

And from the test of 2017-07-13:
Total PayPal EC order IDs: 12835
Affected: 74 (0.58%)
Late returners: 2
Reloaders: 4
Bitdefender: 2
Unexplained: 66 (0.51%)

7 GC dead sessions out of 6336 orders (.11%)

So adding the AJAX redirect seems to have reduced our unexplained cookieless returners to a rate similar to GlobalCollect.

Of course, we should figure out whether the extra hits to our server end up causing a dropoff in donors that's worse than the benefit of the extra users getting cookies.

Ejegg closed this task as Resolved.Aug 2 2017, 7:35 PM

Change 373095 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] PayPal dead sessions: show thank you page

https://gerrit.wikimedia.org/r/373095

Change 373095 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] PayPal dead sessions: show thank you page

https://gerrit.wikimedia.org/r/373095