Skip to content

Known Issues & Gotchas

Verified bugs, edge cases, and anti-patterns in the Checkout module with proven workarounds.

Issue Summary

3
Critical
4
Major
2
Minor

Severity Guide: Critical = Data loss/security risk | Major = Significant UX/functionality impact | Minor = Edge cases, cosmetic issues

Critical Issues (3)

Session Race Condition on Concurrent Requests

CRITICAL

When multiple AJAX requests are made simultaneously during checkout (e.g., address validation + shipping estimate), PHP session locking can cause race conditions where the quote state becomes inconsistent.

Symptoms

  • - Quote items disappear during checkout
  • - Shipping methods not loading
  • - "Quote not found" errors
  • - Inconsistent totals display

Affected Versions

2.3.x - 2.4.x (partially addressed in 2.4.6)

Workaround

  • 1. Serialize checkout AJAX requests (avoid parallel calls)
  • 2. Implement request queuing in JavaScript
  • 3. Use Redis for session storage to reduce lock contention
  • 4. Consider async session handlers (session.lazy_write)

Address Validation Bypass via Direct API

CRITICAL

Direct REST API calls to payment-information endpoint can bypass frontend address validation, allowing orders with incomplete or invalid addresses to be placed.

Risk

  • - Undeliverable orders
  • - Shipping cost miscalculation
  • - Tax calculation errors

API Endpoint

/V1/carts/mine/payment-information

Workaround

  • 1. Add server-side address validation plugin on PaymentInformationManagement
  • 2. Validate required fields before order placement
  • 3. Use address validation service (e.g., Google, SmartyStreets)

Double Order Placement on Slow Networks

CRITICAL

If the "Place Order" button is clicked multiple times before the response returns (slow network), multiple orders can be created. The default frontend disables the button but can be bypassed.

Symptoms

  • - Multiple orders with same items
  • - Customer charged multiple times
  • - Inventory oversold

Root Cause

No server-side idempotency check

Workaround

  • 1. Implement idempotency key in checkout requests
  • 2. Check for existing order with same quote before creating new
  • 3. Use database lock on quote during order placement
  • 4. Add rate limiting on payment-information endpoint

Major Issues (4)

Shipping Methods Not Refreshing on Address Change

MAJOR

After changing the shipping address, available shipping methods may not refresh until the page is reloaded. This is particularly common with custom shipping carriers or when country/region changes.

Workaround

Force shipping rates refresh by triggering Magento_Checkout/js/action/select-shipping-address action with the updated address, or clear the shipping rates cache in customer-data.

Guest Checkout Email Validation Inconsistent

MAJOR

Guest checkout email validation differs between frontend and API. Some invalid email formats pass API validation but fail frontend validation, causing confusion.

Workaround

Add consistent email validation on both frontend (Knockout validator) and backend (plugin on GuestPaymentInformationManagement). Use PHP's filter_var with FILTER_VALIDATE_EMAIL.

Agreements Checkbox State Lost on Step Navigation

MAJOR

If a customer goes back from payment to shipping step and returns, the terms and conditions checkbox state may be lost, requiring re-acceptance.

Workaround

Store agreement acceptance state in localStorage or quote extension attributes. Use a mixin on Magento_CheckoutAgreements/js/view/checkout-agreements.

Totals Not Updating After Coupon Apply

MAJOR

When applying a coupon code in checkout, the sidebar totals may not update until the customer interacts with another element or refreshes the page.

Workaround

After coupon apply, trigger quote.totals() observable update and invalidate the checkout-data customer-data section.

Minor Issues (2)

Checkout Step Indicator Accessibility

MINOR

The checkout step progress indicator (shipping → payment) lacks proper ARIA attributes for screen reader users.

Fix

Add role="progressbar", aria-valuenow, and aria-valuetext attributes to the step indicator template.

Loading Spinner Remains After Error

MINOR

If an AJAX request fails during checkout, the loading spinner may remain visible instead of being dismissed, leaving the checkout appearing frozen.

Fix

Ensure error handlers call fullScreenLoader.stopLoader() in all code paths. Add global AJAX error handler to dismiss loader.

Prevention Best Practices

Session Handling

  • - Use Redis or Memcached for sessions
  • - Serialize frontend checkout requests
  • - Implement request queuing for AJAX

Data Validation

  • - Add server-side address validation
  • - Validate before CartManagement::placeOrder()
  • - Use consistent validation on frontend/backend

Error Handling

  • - Always hide loaders in error callbacks
  • - Display user-friendly error messages
  • - Log detailed errors server-side

Testing

  • - Test with slow network simulation
  • - Test concurrent request scenarios
  • - Test guest and customer checkout paths