Could not create stripe checkout session

  • Url Private atm
  • Version 3.17.1
  • Environment production
  • Database mysql
  • Mail SMTP
  • Configuration default
  • Brwoser all
  • Theme Lyra hardcoded (members pages only the graphics have changed)

After months of stripe testing I switched to the live version and changed the keys.

I made a test payment and it was successful.
I switched back to the test keys, and now it doesn’t work anymore.

I am experiencing the following error from console:

members.min.js?v=f9c61e32d4:1 POST https://domain.it/members/api/create-stripe-checkout-session/ 401 (Unauthorized)
(anonymous) @ members.min.js?v=f9c61e32d4:1
Promise.then (async)
r @ members.min.js?v=f9c61e32d4:1
members.min.js?v=f9c61e32d4:1 Error: Could not create stripe checkout session
    at members.min.js?v=f9c61e32d4:1

I found these two topics but they didn’t solve my problem:
https://forum.ghost.org/t/cannot-choose-payment-type-doesnt-fire-stripe-checkout/
https://forum.ghost.org/t/no-redirect-to-the-stripe-checkout-page/

My Stripe account is verified and with all the necessary information, I also use the same Stripe account in a replica of my site on another server and I don’t experience this problem. So it’s not a Stripe problem I think.

This is a very little part of the log file:
https://pastebin.com/t4V83RGe

  • I have tried several times to use both test and live keys
  • I restarted Ghost
  • I cleared the cache
  • I have disabled the serviceworker

I think I have tried everything, I repeat that everything works on the replica.

I also tried to delete the webhook from the stripe dashboard, I reinserted the test keys on ghost, the webhook recreated correctly on stripe, but the problem persists.

https://pastebin.com/H7VKPbJu

I updated to the latest version 3.17.1 hoping for something, but the problem is still there, I can’t understand why.

If you’re looking for some help, it’s important to provide as much context as possible so that people are able to assist you:

  • What’s your URL?
  • What version of Ghost are you using?
  • What configuration?
  • What browser?
  • What errors or information do you see in the console?
  • What steps could someone else take to reproduce the issue you’re having?

Thanks! :blush:

If you can share your theme, that would also be useful! As well as your settings for members, and the flow through which you used to initiate the checkout session

1 Like

I have updated the post, I think I have said practically everything

I think I have tried everything, I repeat that everything works on the replica.

Are you running two instances of Ghost connected to the same Stripe Account? What urls are both instances connected to?

Two Ghost platforms on two different servers

By simply adding the same Stripe test API keys to the ghost dashboard on both platform, two different webhooks were generated on this page:
https://dashboard.stripe.com/webhooks

Endpoint:
https://domainA.it/members/webhooks/stripe
https://domainB.it/members/webhooks/stripe

They always worked simultaneously.

To solve the problem, I eliminated the replica webhook, so now I only have the main webhook, but nothing changed.

I noticed that on my production server, whether I am logged in or not logged in, when I try to checkout, I have the following Request Payload:

1. {plan: "Monthly",…}

  1. identity: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJwaWVyby5ub3ZpZWxsb0BvdXRsb29rLml0Iiwia2lkIjoickxXdlgzS0dZcjU5YWwySmR4NFlfQ1JZYVBRVkUxdGtXdTJBVWhUUHJRdyIsImlhdCI6MTU5MDQ0NTM5OSwiZXhwIjoxNTkwNDQ1OTk5LCJhdWQiOiJodHRwczovL25vdmllbGxvLml0L2dob3N0L2FwaS91bmRlZmluZWQvIiwiaXNzIjoiaHR0cHM6Ly9ub3ZpZWxsby5pdC9naG9zdC9hcGkvdW5kZWZpbmVkLyJ9.Wc8ot2h18q4WxLRHjzREH2-p26XkafzEN0VgFYmbvECLaTK2pzgn01MExr4GbMHfhf2ifi-p9INCxZgZkKlCXjXp03sxkS6yqyhr0Zxuj3kllYGVtQzOHne7VVNF4BTvGVBxtsx4rNOHW5J0wX50Nc89At6z9rkoA4Mv6jMGCPQ"
  2. plan: "Monthly"

While on the replica, where everything works, when I’m not logged in, the identity parameter is null:

1. {plan: "Monthly", identity: null}

  1. identity: null
  2. plan: "Monthly

How come this difference? Could it be the cause of the problem? I tried from a different browser with incognito mode, identitiy param is never null on the server in production. I didn’t have this problem before switching to the Live version of Stripe.

Unfortunately I can’t reproduce the problem on the replica, I went to the live version here too, but I don’t find the same bug.

I understand that this is the problem, the call https://domain.it/members/api/session always returns that value to me.

Then a call is made with that identity parameter which probably does not exist:

await fetch("https://domain.it/members/api/create-stripe-checkout-session/", {
    "credentials": "include",
    "headers": {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0",
        "Accept": "*/*",
        "Accept-Language": "it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3",
        "Content-Type": "application/json"
    },
    "referrer": "https://domain.it/signup/",
    "body": "{\"plan\":\"Monthly\",\"identity\":\"eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJwaWVyby5ub3ZpZWxsb0BvdXRsb29rLml0Iiwia2lkIjoickxXdlgzS0dZcjU5YWwySmR4NFlfQ1JZYVBRVkUxdGtXdTJBVWhUUHJRdyIsImlhdCI6MTU5MDQ0NTM5OSwiZXhwIjoxNTkwNDQ1OTk5LCJhdWQiOiJodHRwczovL25vdmllbGxvLml0L2dob3N0L2FwaS91bmRlZmluZWQvIiwiaXNzIjoiaHR0cHM6Ly9ub3ZpZWxsby5pdC9naG9zdC9hcGkvdW5kZWZpbmVkLyJ9.Wc8ot2h18q4WxLRHjzREH2-p26XkafzEN0VgFYmbvECLaTK2pzgn01MExr4GbMHfhf2ifi-p9INCxZgZkKlCXjXp03sxkS6yqyhr0Zxuj3kllYGVtQzOHne7VVNF4BTvGVBxtsx4rNOHW5J0wX50Nc89At6z9rkoA4Mv6jMGCPQ\"}",
    "method": "POST",
    "mode": "cors"
});

Response
	body: ReadableStream { locked: false }
	bodyUsed: false
	headers: Headers {...}
	ok: false
	redirected: false
	status: 401
	statusText: "Unauthorized"
	type: "basic"
	url: "https://domain.it/members/api/create-stripe-checkout-session/"

What caused this sudden problem? It seems not to resolve itself

Any tips?

I inserted the registration link in the cloudfare cache rules, I purged the cache from Cloudflare, and then I also totally disabled cloudflare, the session response value is always there even if I’m not logged in

EDIT: there is no interest in solving this ghost bug, I reinstalled everything and solved