Extend session time in checkout

You can start by googling "drupal session timeout". Session expiration is not controlled by Ubercart, it's handled in your PHP settings. In no event is it as short as 20 minutes by default, so if your sessions are timing out in that short a period you have probably altered your server settings.

Ubercart does control how long products remain in the cart, this can be changed at /admin/store/settings/cart. Again, the default is considerably longer than 20 minutes (it's 4 hours for anonymous users, 1 year for authenticated).

If you're using both http and https on your site, losing your session could also be because of the way you've configured Secure Pages to switch between http and https during the checkout process. If this is the case, the problem should go away when you turn off Secure Pages.

I think the issue here is the UC_CART_ORDER_TIMEOUT constant which is fixed at 600 seconds, so after 10 minutes of an order being idle, the next cron run will mark any "in checkout" orders as abandoned, which causes this to happen. This however needs to be changed for #1597154: Some PayPal Standard Orders "Abandoned" even though payment is received so any fix will be in that issue.

The settings TR mention apply to the cart. The UC_CART_ORDER_TIMEOUT constant applies to the conversion of a cart to an order, which happens at checkout time.

#1 might be your problem, but probably #2 is probably your problem: UC_CART_ORDER_TIMEOUT constant which is fixed at 600 seconds. Increasing it to for example 3600 seconds will automatically solve your prblem (they can take 1 hour to finish checkout).

The solution proposed in the link #2 (fix it with rules) won't work however. There is also a small difference in the problem, both cause by the same cause though (UC_CART_ORDER_TIMEOUT). The link in #2 is about abandoned orders, receiving payment after they are put onto abandoned. Our problem is that the order is emptied, because it is expired.

The problem is defenitely not fixed, as I was able to reproduce the problem with the latest updates just now.

But as a support request, the question was answered. Any fix will be implemented in #1597154: Some PayPal Standard Orders "Abandoned" even though payment is received, see for example my comment #7 in that issue - there is no need to have two issues open for the same problem. Contributing a patch, or at least any comments on the proposed solutions so far in that issue will be the fastest way to help move forward on this.

As proposed by the maintainer https://drupal.org/node/1597154#comment-7654749, I should open a topic asking for a variable checkout time. This topic already exists, although in here it is id to be a duplicate of the same topic I referred from. :)

My remark was:

The solution proposed in https://drupal.org/node/1597154#comment-7555239 won't solve this case. There are different schemes on how you want to use your checkout page. I customized mine so people can fill in their profile information too. Therefor, I would be very unhappy if they already get a time out, after only 10 minutes. Maybe a setting is better?

Best regards,

Geert

What do you suggest is more reasonable? 20 minutes? 30 minutes? I want to avoid adding settings if possible; it seems like we should be able to set a sensible value for all sites here.

What is the reason behind the timeout anyway? I now use an hour in my cases.

There are two timeouts at present; one is UC_CART_ORDER_TIMEOUT, which is now 24 hours, after which an "in checkout" order is moved to abandoned - this was recently increased due to orders being incorrectly abandoned after the user had paid at PayPal but the payment notification was not received straight away.

There is also a separate timeout of 10 minutes on the checkout page itself, this has been present in Ubercart for a long time, and according to the code comments this is designed to prevent "identity theft". I think the idea was that if a user on a public computer fills in the checkout form but closes their browser without completing checkout, it would be possible to obtain information such as their name and address. It is debatable whether this is necessary at all, though I am wary of simply removing it without discussing and exploring the full impact of doing so.

for me it is hard to identify how long the session should take. But this might be linked to the Drupal session time out? Otherwise a static 30 minutes should be enough in almost all cases.

Best regards,

Geert

Alright, let's increase the current 10 minute timeout to 30 minutes, that seems reasonable while not being excessive.

The attached patch increases the timeout to 30 minutes, and uses a proper constant instead of a magic number.

Committed #17.