Last modified: 2010-10-29 00:19:57 UTC
It appears that when the AJAX request sets a user's session for a cached single-click donation page, a cookie with the user's session id is not getting set. The result is that when a user attempts to click 'donate by paypal' or submit the credit card form, they will be told that their session has expired and are required to fill out the form again/try clicking the paypal button again. It seems that there is a problem setting a PHP session via AJAX - a cookie with the session id does not get set on the user's system. A simple solution would be to have the session id sent back in the AJAX request and have Javascript set the cookie for the user. Also, as a side note, we should push the paypal redirect logic to happen /before/ token checking, since (particularly with slow connections) a user may hit the paypal button before the ajax has finished doing its session setting.
fixed in r75636