How the favicon affects flashdata in Google Chrome
One of the biggest roles that we have as developers comes from testing our work to make sure that the functionality is working as intended. This includes testing how the site handles good and bad data. Do the forms account for missing information, prevent XSS attacks, duplicate content, invalid data, etc? We also need to test across multiple platforms, devices, browsers and versions.
Recently I was integrating a custom payment gateway into a shopping cart built with CodeIgniter. Everything worked as it was intended to, until I tested in Chrome.
In the shopping cart checkout process, after the user enters payment details and views the preview page, a CodeIgniter Flashdata value was set to indicate the user had viewed the preview page.
Flashdata sets a session variable that is only valid for 1 request, and then removes it.
In this case it would be used as one of the security measures to ensure that the payment processing was coming from the correct page. If it was not, it would redirect the user away from the checkout processing.
Once I submitted the payment in Chrome, the browser redirected the path away from the processing page. No other browser did that. Upon further troubleshooting, I noticed that the script was not seeing the Flashdata.
After looking more into Chrome, it appears that the browser attempts to automatically load the favicon. On this particular site, which was still under development, the favicon was missing – causing Chrome to load the site's 404 page – which used up the Flashdata request, causing the payment page to not see the Flashdata and then be redirected.
Adding the favicon into the site fixed the issue.
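The sequence described above can be replayed in a small model. This is an added example, not code from the original post or from CodeIgniter itself: `FlashSession` and `checkout` are hypothetical names, the aging rule is an assumption modelled on the "valid for one request" behaviour, and the one-time token is shown only as an alternative check that does not depend on request count.

```php
<?php
// Constructed model of one-request flash data; not CodeIgniter's own code.
// Assumption: every request that loads the session ages flash items.
class FlashSession {
    private array $data = [];   // key => value
    private array $state = [];  // key => 'new' | 'old'
    private array $tokens = []; // one-time tokens, removed only when checked

    // Called at the start of every request that touches the session.
    public function startRequest(): void {
        foreach ($this->state as $key => $s) {
            if ($s === 'old') {          // already exposed to one request: drop
                unset($this->data[$key], $this->state[$key]);
            } else {                     // set during the previous request
                $this->state[$key] = 'old';
            }
        }
    }
    public function setFlash(string $k, $v): void {
        $this->data[$k] = $v;
        $this->state[$k] = 'new';
    }
    public function flash(string $k) { return $this->data[$k] ?? null; }

    // Alternative: a token consumed only by the handler that verifies it.
    public function issueToken(): string {
        $t = bin2hex(random_bytes(16));
        $this->tokens[$t] = true;
        return $t;
    }
    public function consumeToken(string $t): bool {
        if (!isset($this->tokens[$t])) return false;
        unset($this->tokens[$t]);        // single use
        return true;
    }
}

// Replays preview -> stray requests -> processing; reports what processing sees.
function checkout(array $strayRequests): array {
    $s = new FlashSession();
    $s->startRequest();                  // GET preview page
    $s->setFlash('previewed', true);
    $token = $s->issueToken();           // would travel in the payment form
    foreach ($strayRequests as $path) {  // e.g. /favicon.ico served by the 404 page
        $s->startRequest();
    }
    $s->startRequest();                  // POST processing page
    return ['flash' => $s->flash('previewed') === true,
            'token' => $s->consumeToken($token)];
}
var_dump(checkout([]), checkout(['/favicon.ico']));
```

The flash check fails as soon as any session-loading request lands between the preview and processing pages, whereas the token check is unaffected by how many requests the browser makes in between.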