FIXED MAGENTO UPGRADE: Enterprise 1.13.1 and Magento Community 1.8.1
- Customer Login, Account Creation, Wishlist, and Review Upgrade Issues -
If you’ve just upgraded or are considering an upgrade to the latest version of Magento (Magento Enterprise Edition 1.13.1 and Magento Community Edition 1.8.1), beware of some problems that we’ve encountered (and fixed!) with some of our clients.
-
Customers can’t log in
-
Customers can’t create an account
-
Customers can’t add items to wishlist
-
Customers can’t submit review
These issues are the result of a new form key requirement in the latest Magento release (Magento Enterprise Edition 1.13.1 and Magento Community Edition 1.8.1).
When submitting any kind of form, like when customers log in or create an account, Magento checks for a form key. If that form key doesn’t exist, Magento will "refuse" the form submission and the form won’t work. That means your customers can’t log in, create an account, add items to wishlist, or submit a review until the form key fix has been applied.
While form keys aren’t new, they are a new requirement to Magento. So, if your site uses a theme or custom form extension that was created prior to this Magento release, chances are that your forms won’t work and you will need to apply the fix mentioned below.
Repair the Magento Upgrade for Enterprise 1.13.1 or Community 1.8.1
The fix involves making edits in each relevant .phtml file to incorporate a form key anywhere a form is present. If you aren’t sure how to do diagnose which .phtml files are causing problems, we recommend hiring someone experienced with Magento development to track the problems down and make the appropriate changes.
Is it better to hire a developer or try and do fix it yourself?
If you’re familiar and comfortable working with Magento’s framework, writing PHP and HTML code, creating themes and templates before, and using diagnostic tools, it may be cheaper to make the changes to the templates yourself.
If, on the other hand, you’re not comfortable doing those things, it’s probably better to hire a Magento developer to do the work for you. The cost of hiring a certified Magento developer depends on your site’s characteristics like:
- How many forms do you have?
- How complex is the theme?
- Are there any custom form extensions involved? etc.
How much should it cost to fix?
Why did Magento start requiring the use of a form key?
Form keys aren’t a Magento invention. They’re a preventative security measure for both users and the site itself. For example, without the form key, a visitor could log into the website and visit a different website during that session. The other website could submit data through that form because the user is still logged in. For example, another website could submit an order for your customer without their permission.
With the form key, your site will validate the form submission to make sure the key matches the one in the session for that user before accepting the submission.
