WordPress nonce not verifying WooCommerce cart action

In order to make product pages cacheable WooCommerce sessions are not created until a cart is created.^1,2

WooCommerce overrides one of the nonce parameters with a value which changes based on whether or not a WooCommerce session has been created.^3,4

When you create the nonce for a new user with no cart and no session the nonce is calculated with one set of inputs. When you check the nonce after an item has been added to the cart the check value is generated with a different set of inputs because the WooCommerce session now exists. This causes a different nonce value to be generated and the nonce check against the old nonce value to fail.

One workaround is to proactively create the WooCommerce session before creating the nonces. Note this could impact how your site is cached.

https://github.com/woocommerce/woocommerce/issues/4920#issuecomment-35846419
https://mikejolley.com/2013/12/20/problems-with-cart-sessions-and-woocommerce/
https://developer.wordpress.org/reference/functions/wp_create_nonce/
https://github.com/woocommerce/woocommerce/blob/c16acc6b5104acb0ed082e7df1c63dfd77598459/includes/class-wc-session-handler.php#L224

CodeHunter

WordPress nonce not verifying WooCommerce cart action

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last