Page MenuHomePhabricator
Create Task
Maniphest T167923

PayPal EC dead session error
Closed, ResolvedPublic2 Estimated Story Points
Actions

Description

Users are rarely, but at rates enough to be significant, getting sent to the FailPage for dead sessions. There seem to be two cases where this happens.

One, the user actually does come back with no session data, so we don't know who they are or what they were doing. Not much data logged here, but it has happened on two different browsers.

Two, the user makes a successful donation and the donor data gets cleared out of the session, then it appears we try to send another request to paypal, but since we've cleared the donor data, it looks to us like a dead session, even though they do have an active session, just without donor data.

Details

SubjectRepoBranchLines +/-
PayPal dead sessions: show thank you pagemediawiki/extensions/DonationInterfacemaster+7 -2
Standardize pending queue message and logging in APImediawiki/extensions/DonationInterfacemaster+250 -25
Leave form disabled while redirecting to PayPal ECmediawiki/extensions/DonationInterfacemaster+19 -3
WIP recover from dead sessions via EC tokenmediawiki/extensions/DonationInterfacemaster+47 -0
Common setup for donation API tests, add one for PayPal ECmediawiki/extensions/DonationInterfacemaster+109 -27
PayPal EC: use ajax to get redirect URLmediawiki/extensions/DonationInterfacemaster+25 -11
Customize query in gerrit

Related Objects
Search...

Event Timeline

XenoRyet created this task.Jun 14 2017, 8:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2017, 8:32 PM
DStrine moved this task from Triage to Completed in Q4 2016-17 on the Fundraising-Backlog board.Jun 15 2017, 5:21 PM
Ejegg added a subtask: T167990: Resultswitchers: send straight to ty page on reload.Jun 15 2017, 9:42 PM
DStrine added a project: Fundraising Sprint Loose Lego Carpeting.Jun 21 2017, 8:17 PM
Ejegg moved this task from Backlog to Doing on the Fundraising Sprint Loose Lego Carpeting board.Jun 29 2017, 4:39 PM
DStrine moved this task from Doing to Done on the Fundraising Sprint Loose Lego Carpeting board.Jul 5 2017, 7:52 PM
DStrine moved this task from Done to Pending Deployment on the Fundraising Sprint Loose Lego Carpeting board.
DStrine added a project: Fundraising Sprint Murphy's Lawyer.Jul 5 2017, 8:23 PM
DStrine moved this task from Completed in Q4 2016-17 to Current Sprint and Completed in Q1 2017-18 on the Fundraising-Backlog board.Jul 6 2017, 4:42 PM
Ejegg claimed this task.Jul 12 2017, 4:02 PM
Ejegg triaged this task as High priority.
Ejegg moved this task from Backlog to Doing on the Fundraising Sprint Murphy's Lawyer board.
Ejegg set the point value for this task to 2.
Pcoombe subscribed.Jul 12 2017, 4:03 PM
gerritbot subscribed.Jul 12 2017, 5:54 PM

Change 364794 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] WIP recover from dead sessions via EC token

https://gerrit.wikimedia.org/r/364794

gerritbot added a project: Patch-For-Review.Jul 12 2017, 5:54 PM
Ejegg added a comment.Jul 12 2017, 6:45 PM

For paypal, the donor only hits our server once (as long as they have country/currency/amount in the URL). Our response has both a 'location' header and a 'set-cookie' header. Maybe some browsers are neglecting to set the cookie before redirecting?

If that's the problem, we might fix the issue by responding with a page showing the spinner and making an ajax call to get the token, then redirecting in javascript. The browser would have to store the cookie and send it back with the AJAX request in order to get to PayPal.

gerritbot added a comment.Jul 12 2017, 7:10 PM

Change 364825 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] PayPal EC: use ajax to get redirect URL

https://gerrit.wikimedia.org/r/364825

gerritbot added a comment.Jul 14 2017, 8:06 PM

Change 364825 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] PayPal EC: use ajax to get redirect URL

https://gerrit.wikimedia.org/r/364825

ReleaseTaggerBot added a project: MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)).Jul 14 2017, 9:00 PM
gerritbot added a comment.Jul 17 2017, 4:17 PM

Change 365630 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] Common setup for donation API tests, add one for PayPal EC

https://gerrit.wikimedia.org/r/365630

gerritbot added a comment.Jul 17 2017, 4:45 PM

Change 365648 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] Disable form while redirecting to PayPal

https://gerrit.wikimedia.org/r/365648

gerritbot added a comment.Jul 17 2017, 5:21 PM

Change 365630 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Common setup for donation API tests, add one for PayPal EC

https://gerrit.wikimedia.org/r/365630

gerritbot added a comment.Jul 17 2017, 6:51 PM

Change 364794 abandoned by Ejegg:
WIP recover from dead sessions via EC token

Reason:
Going with an AJAX version of the redirect instead

https://gerrit.wikimedia.org/r/364794

gerritbot added a comment.Jul 18 2017, 5:43 PM

Change 365648 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Leave form disabled while redirecting to PayPal EC

https://gerrit.wikimedia.org/r/365648

Ejegg moved this task from Doing to Done on the Fundraising Sprint Murphy's Lawyer board.Jul 18 2017, 6:44 PM
Ejegg closed subtask T167990: Resultswitchers: send straight to ty page on reload as Resolved.Jul 18 2017, 7:45 PM
ReleaseTaggerBot edited projects, added MW-1.30-release-notes (WMF-deploy-2017-07-25_(1.30.0-wmf.11)); removed MW-1.30-release-notes (WMF-deploy-2017-07-18_(1.30.0-wmf.10)).Jul 18 2017, 8:00 PM
gerritbot added a comment.Jul 18 2017, 9:27 PM

Change 366159 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] Standardize pending queue message and logging in API

https://gerrit.wikimedia.org/r/366159

gerritbot added a comment.Jul 19 2017, 3:09 PM

Change 366159 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Standardize pending queue message and logging in API

https://gerrit.wikimedia.org/r/366159

DStrine added a project: Fundraising Sprint Navel Warfare.Jul 19 2017, 8:25 PM
Ejegg moved this task from Backlog to Done on the Fundraising Sprint Navel Warfare board.Jul 21 2017, 4:26 PM
mepps subscribed.Jul 27 2017, 7:36 PM

One short term fix is to add different error messaging when no active donation is found. That way the donor doesn't see "Your donation could not go through" even when it did.

Ejegg reopened subtask T167990: Resultswitchers: send straight to ty page on reload as Open.Jul 27 2017, 7:43 PM
Ejegg added a comment.EditedJul 28 2017, 10:25 PM

Some stats from the test of 2017-07-27:

Total number of PayPal EC order IDs: 10,238
Number of affected PayPal EC order IDs: 32 (0.31%)
Due to returning >1 hour after redirect: 2
Due to reloading resultswitcher after first attempt correctly processed donation: 3
Of remaining 27, 5 had BitdefenderSafepay in their User-Agent header
If Safepay is messing them up, that leaves 22 (0.21%) unexplained

All returned to the same payments server as they left

Compared with GlobalCollect:

Total number of GlobalCollect order IDs: 4,577
Number returning with a dead session: 8 (0.17%)
All returned within the hour

Ejegg added a comment.Jul 28 2017, 10:46 PM

And from the test of 2017-07-13:
Total PayPal EC order IDs: 12835
Affected: 74 (0.58%)
Late returners: 2
Reloaders: 4
Bitdefender: 2
Unexplained: 66 (0.51%)

7 GC dead sessions out of 6336 orders (.11%)

So adding the AJAX redirect seems to have reduced our unexplained cookieless returners to a rate similar to GlobalCollect.

Of course, we should figure out whether the extra hits to our server end up causing a dropoff in donors that's worse than the benefit of the extra users getting cookies.

Ejegg closed this task as Resolved.Aug 2 2017, 7:35 PM
Ejegg closed subtask T167990: Resultswitchers: send straight to ty page on reload as Resolved.Aug 16 2017, 7:48 PM
gerritbot added a comment.Aug 22 2017, 4:00 PM

Change 373095 had a related patch set uploaded (by Ejegg; owner: Ejegg):
[mediawiki/extensions/DonationInterface@master] PayPal dead sessions: show thank you page

https://gerrit.wikimedia.org/r/373095

gerritbot added a comment.Aug 22 2017, 4:06 PM

Change 373095 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] PayPal dead sessions: show thank you page

https://gerrit.wikimedia.org/r/373095

ReleaseTaggerBot edited projects, added MW-1.30-release-notes (WMF-deploy-2017-08-22 (1.30.0-wmf.15)); removed MW-1.30-release-notes (WMF-deploy-2017-07-25_(1.30.0-wmf.11)).Aug 22 2017, 5:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits