I had the same problem...
The answer is that your theme does not supply a variable called form_key
.
Just as stated above I have to add:
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />
you add it right after <ul class="form-list">
to each one of my login.phtml
files for the theme.
You may also have problems with updating the quantity of cart items
Here is the importance of form_keys
:
Since the beginning of time, Magento's backend contained a form key that protected against XSS attacks [1]. With Magento 1.8 the form key has entered the frontend for pretty much the same reason: to protect against form submission from another website, using your browser. a malicious attacker can add stuff to your cart while you're in a different browser tab or even complete an order for you. This relies on predictable URLs because the site will not have access to the actual HTML content in the browser tab where you have your Magento order waiting. Everything sent to the Magento store will however submit your cookies and thus use your session.
By adding a unique key to each form or to each link that generates action on the server, the URL or form content becomes no longer predictable. The form key is stored in the session data and validated upon submission to the server. If they don't match, you get a form key error and the action is not completed.
Magento SOAP Api has no method to authenticate customers.
What you can do is, get the customer info and then check the password. The problem is, doing this client side is a really bad idea.
The alternative is to implement your own method to just pass email and password to check it.
Best Answer
There is an issue in the Cookie path and Cookie domain.
Cookie Path should be
/
Cookie Domain should be
hotwheelstoys.in/one/em0113-full-package
Mage.Cookies.path = '/';
Mage.Cookies.domain = '.hotwheelstoys.in/one/em0113-full-package';
This setting is managed from the admin panel.
So go to
Admin -> System -> Configuration -> General -> Web -> Session Cookie Management
for making required changes.