Account Registration Error Code: Cookie = humans_21909=1

A customer in Nigeria tried to register as affiliate on our e-commerce website but encountered an error message: <script>document.cookie ="humans_21909=1"; document.location.reload(true)</script>.

He contacted us about the problem with detailed video screen recording and pictures.

The Region/State field was disabled so the customer couldn’t seethe pick list

I thought it was the cookie notification which he hadn’t accepted. But  that wasn’t the problem because he tried using another phone but had the same issue.

The Region/State field was disabled so he couldn’t see the picklist. I tried it here in the UK and it was ok. I sent messages to friends and family to test the page and they all had the same problem - failed to work on phone network but okay on home broadband/laptop; both in Nigeria and South Africa. This test was done to isolate network, hardware and software problems like browser cache and cookies, IP address or firewall and proxy issues, etc. vs. ModSecurity – a web application firewall that can actively look for attacks to the system and stop malicious activity. But, sometimes these server level codes can be triggered when legitimate work is being done, to effectively block or limit website access. This can happen when hosting companies do systems checks/updates. The solution for this is called whitelisting, which basically is granting specific access by IP address or URL.

An indication of this problem is sudden inability to log into your Dashboard especially if it is IP restricted. Don’t just update your IP, run a system-wide check to ensure your customers don’t have difficulties transacting on your website. I had this problem last week but I just fixed it for my self not realising it had wider implication.

No coding updates had been done on the website recently. Moreover, the affiliate registration form had been working perfectly. I did cursory check on the website to isolate malware/scripting issues. All looked okay.

I did a detailed search on the internet and found that many websites built on different Apps have had this problem including  WordPress, OpenCart, Magento, etc.

 Apparently so many others out there have s had this problem. The most common root causes are

1. Hosting company's security settings suddenly changed
2. Hosting service provider blocked file names and URLs that contain words like checkout, registration or contact.
3. New protection on the server. May require disabling Mod_Security if it's enabled on the server and restarting Apache.
4. Rename the register.php file to something like register2.php, registernew, registration.php, etc . The keyword "register" might be reserved hence causing the error.
5. Can be caused by an extension that makes all pages have SEO friendly URL
   

I felt that changing the register file name would necessitate changing all occurrences and references in other files. This could complicate the problem. I didn’t think it was a smart fix. Besides, if it had been working okay as evidenced my new registration emails up to now, and given that there had been no script editing recently, the web files didn’t need to be altered.

I contacted the hosting company and they immediately denied culpability and asked me to contact my web developer. I told them I am the web developer and there's been no problem with the website. After over10 hours of denials and arguments, they said:

“ just to set your expectation, while we are the hosting provider, there's a thin borderline of what we can support as Tech Support and being a web developer. As a tech specialist, we assist in making sure that our server works fine and can load your website. Design, scripting, web developing on the other hand must be handled by the website owner or their web developer. If its working at your end and another country is not, then it seems that the issue is with the coding on the scripts on the affiliate page .”

I noted that if the issue is with coding, customers wouldn't have been able to register up till recently. Moreover that argument fails given the fact that the website works perfectly in some countries and on some gadgets; but not others. It always worked in all countries on all gadgets. Surely the problem must have been caused by server related setting / recent update.

Finally, after about 10 hours and 4 different Tech Support specialists, they agreed that it wasn’t a scripting issue. They did something on the server and the problem was resolved.

 
If you’ve had a similar problem with accountregister, checkout or contact, there are 2 things you can do. If like me you didn't do any file modifications recently, focus on option 1:

1. Check with hosting company regarding server mod_security and other settings or recent updates.
2. In your Controller folder, change the name of the file/function that returns the error, e.g. ‘register.php’ to ‘new-reg.php’. But be very careful with this. Make backups first before modifying files. Make a note of all changes with detailed references so you can easily find and undo them if necessary.