Regarding the error, it looks like your login page is visited directly by some robot. I wonder if you its an IPN request from PayPal? You should be able to query ac_PageViews table for HTTP POST requests to login page with User Agents other then the known browsers.



This provides added security by making cookies available only over HTTPS. You may have noticed a browse console warning on your browser



In 9.0.4, enabling the secure cookies will also remove the warning.

Follow up from my last post earlier today.

As it turns out we are seeing this error again only when orders are being placed. This is a PayPal IPN issue. I know that this was a problem that was reported earlier here in the forums along with a quick fix to bypass the login page. However, at the time we chose not to do this, as we were ok with waiting for the update fix do out during the next release.

I'm hoping that there is a way to fix this once and for all. The Paypal plugin API's have never been an issue on any of our sites, causing us to add extra code or redirects to make it work correctly. Our goal is to keep AC9 a simple as possible without any customization's to standard out of the box plugins, that should work.

As the planets must have aligned today I just received this notice from PayPal several hours ago regarding IPN changes that will go into affect the beginning of May. I don't know if this has been implemented already or if we have to do this ourselves. If someone from Able can give some feedback, i would greatly appreciate it.


####################################################
PAYPAL EMAIL NOTICE ABOUT IPN'S


As a reminder, communicated through email in the first week of December 2020, PayPal is expanding the Instant Payments Notification (IPN) infrastructure used to notify merchants about events related to the status of PayPal transactions. This change has added seven new IP addresses from which IPNs are being sent since January 18, 2021.

Below are all of the IP addresses that are being used for IPN.

66.211.170.66
173.0.81.1
173.0.81.0/24
173.0.81.33
173.0.81.65 (New)
173.0.81.140 (New)
64.4.240.0/21 (New)
64.4.248.0/22 (New)
66.211.168.0/22 (New)
173.0.80.0/20 (New)
91.243.72.0/23 (New)

Call to Action

If you are implementing any Access Control List (ACL) or filters on IP addresses for the IPNs received from PayPal, we request that you add all the aforementioned IP addresses before May 3, 2021.

Doing so will help avoid missing IPNs from PayPal. If you have any further questions about this migration activity, please feel free to reach out to Merchant Technical Support (www.paypal-techsupport.com).

Thank you,

PayPal

Frequently Asked Questions (FAQ)

Will there be any service impacts?

IPN delivery to the merchant will fail, if a merchant does not add all of the aforementioned IP addresses found on the Status Page (https://www.paypal-status.com/history/eventdetails/31029) before the cutover date, May 3, 2021.

What are the actions required by merchants?

Please forward these changes to your network team/system admin or if you are using a third-party hosting service provider forward these details to their technical support team. If you require further support, please reach out to Merchant Technical Support (www.paypal-techsupport.com).

Merchants implementing any Access Control List (ACL) or filters on IP addresses for the IPNs received from PayPal, need to add all the aforementioned IP addresses before May 3, 2021. Doing so will help avoid missing IPNs from PayPal.

Are these changes coming up only in Production?

Yes.

Additional information:

PayPal Status Page (https://www.paypal-status.com/history/eventdetails/31029)

PayPal live IP addresses Help Center article (https://www.paypal.com/us/smarthelp/article/ts1056)