7

After installing patch SUPEE-9767 the "Enable Form Key Validation On Checkout" warning appeared and from the link provided in that warning I was able to enable Form Key Validation.

But, after having some issues in the checkout process I would like to try to disable it and check if everything comes back to normal.

The big problem here is that I cannot find where the option is in the admin menu.

I seem to recall it was in:

System > Configuration > Advanced > Security > Enable Form Key Validation On Checkout

But if it was there, now it has disappeared. Do I recall it wrong or what might be the issue?

7ochem
  • 7,532
  • 14
  • 51
  • 80
Antony
  • 383
  • 1
  • 3
  • 10

2 Answers2

10

Close! It's under System > Configuration > Admin > Security > Enable Form Key Validation On Checkout

Raphael at Digital Pianism
  • 70,385
  • 34
  • 188
  • 352
  • I enabled form key validation and now the checkout is broken. It will not advance past STEP 1 (billing info). v1.9.3.1 – yldziner Jun 03 '17 at 19:37
  • @yldziner There's a bug in Magento: https://magento.stackexchange.com/questions/177035/supee-9767-patch-ce-1-9-3-3-one-page-checkout-customer-registration-issue?noredirect=1&lq=1. – Anitr Jun 19 '17 at 10:44
  • 1
    I'm not seeing that setting on the System->Configuration->Admin page (under Security or elsewhere on the page) in an install of v1.9.1.0. Was that added in a later version? – Tim Malone Jun 26 '17 at 03:56
  • 1
    I'm also not seeing this setting - although I've found it in other installations. I'm also running - Magento ver. 1.9.1.0 – ol'bob dole Jul 03 '17 at 15:48
  • 1
    I too am not seeing the setting after the patch install from 1.9.1.0 – Rebel Jul 10 '17 at 18:08
  • @yldziner: did you solve this problem because it look's the same as my problem – Peter Aug 16 '17 at 11:16
1

How I fix it on Magento 1.9.3.7. with php70

  1. disable Form Key-just ignore the security message (if your theme does not support formkey -ask from whoever you bought it if theme supports formkey validation)
    To disable go to Configuration>GENERAL>WEB>Security>set to NO

  2. Fix your Session Cache Settings in Configuration>GENERAL>WEB>Session Cookie Management to:
    Cookie lifetime=3600 -default
    cookie path -leave empty
    cookie domain -leave empty
    use HTTP Only -set to YES (it's ok-because in url secure and unsecure i have https for both + ssl
    Cookie Restriction Mode -Set NO

  3. Clear Cache

  4. Clear Session logs (go to your public_html/var/session folder in hosting and delete everything ((your cron jobs should be set also for this folder -check with hosting

  5. clear browser cache
    login or do the checkout-is it working?
    If not -disable temporary any captcha plugin and test again

7ochem
  • 7,532
  • 14
  • 51
  • 80
seoradu
  • 11
  • 1