Magento add to cart issue on caching new products

Question

I’m having problem with add to cart function in new products widget in the homepage. By clicking on “Add to cart” it load /checkout/cart/ page but I receive “The cart is empty!”. I checked for JS problems but I haven’t any error, also in system log. In cache management, if I disable only BLOCK_HTML cache it works fine; if I re-enable it I have the problem

The website is hosted by siteground, actually in cron I have: every 25 min.: php /home/ledsuper/public_html/cron.php > /dev/null every 30 min.: /bin/sh /home/ledsuper/public_html/cron.sh

What is causing the problem? how can I do to try solve? Thx

Answer 1

This problem seems to be that the Cache is storing the "New Products" block, which contains the New Products with a "Add To Cart" Link which contains an old (incorrect) form key

What is the form key

This is a mechanism to protect from XSS attack, where a malicious attacker can add stuff to your cart while you're in a different browser tab or even complete an order for you. This relies on predictable URLs, because the site will not have access to the actual HTML content in the browser tab where you have your Magento order waiting. Everything sent to the Magento store will however submit your cookies and thus use your session. By adding a unique key to each form or to each link that generates an action on the server, the URL or form content becomes no longer predictable. The form key is stored in the session data and validated upon submission to the server. If they don't match - you get a form key error and the action is not completed.

The issue Here

Is that the way the add to cart it is implemented in Magento 1.8 in the New Product widget will generate form key errors, because it will cache a list of new products together with "add to cart" link, which will contain the form key of the user that first requested the page.

Why this issue doesn't show up when you're not using caching

When the block is generated, the add to cart link is created in product/widget/new/content/new_grid.phtml using the method $this->getAddToCartUrl which is defined in code/core/Mage/Catalog/Block/Product/Abstract.php which adds the form_key to the url.

Proposed Solutions

There are 3 options that I can think of

1. The simple one is to set the widget cache lifetime to 1, so it doesn't cache it at all. (Make sure to refresh all the caches after this change.) The (big) drawback from doing this, is that for every page load there will a call to re-render the block, by loading the collection.
2. Create a child block just for the add to cart button, which is not cached at all.
3. Change the link by editing product/widget/new/content/new_grid.phtml, and replacing the add to cart button, with a href to the product page, so that instead of adding the product to the cart, you redirect the user to the product page, where they add the product. This is probably the simplest, if you are OK with the workflow.

Answer 2

It's best to leave Magento's "Blocks HTML output" cache enabled to improve site performance. You can add a "cache_lifetime" node on your new products block and set it to the minimum allowed (1 second). In the end, your block code should look something like this:

{{block type="catalog/product_new" name="home.catalog.product.new" alias="product_homepage" template="catalog/product/new.phtml" _productsCount="8" cache_lifetime="1"}}

This will effectively keep the New Products block un-cached while safely keeping all other HTML block elements cached as usual, thus add to cart on caching new products won't have any issue.