I had the same problem...
The answer is that your theme does not supply a variable called form_key
.
Just as stated above I have to add:
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />
you add it right after <ul class="form-list">
to each one of my login.phtml
files for the theme.
You may also have problems with updating the quantity of cart items
Here is the importance of form_keys
:
Since the beginning of time, Magento's backend contained a form key that protected against XSS attacks [1]. With Magento 1.8 the form key has entered the frontend for pretty much the same reason: to protect against form submission from another website, using your browser. a malicious attacker can add stuff to your cart while you're in a different browser tab or even complete an order for you. This relies on predictable URLs because the site will not have access to the actual HTML content in the browser tab where you have your Magento order waiting. Everything sent to the Magento store will however submit your cookies and thus use your session.
By adding a unique key to each form or to each link that generates action on the server, the URL or form content becomes no longer predictable. The form key is stored in the session data and validated upon submission to the server. If they don't match, you get a form key error and the action is not completed.
It was quite simple in the end
<?php if ($this->helper('customer')->isLoggedIn()): ?>
<?php Mage::app()->getFrontController()->getResponse()->setRedirect(Mage::getUrl('customer/account'));?>
<?php else: Mage::getSingleton('customer/session')->setBeforeAuthUrl(Mage::helper('core/url')->getCurrentUrl()); ?>
<?php endif ?>
If the custom successfully logs in then redirect to the customer account page otherwise stay on the current URL
Best Answer
Go to
System -> Configuration -> Advance -> Advance and disbale
the magento customer module output. This will disable the login/ registration and all stuff regarding customer.