Dev news

Commit 99bbcac63ac for woocommerce

commit 99bbcac63ac3433ea0e66305f3ddfb49b3aed3c3
Author: Neil Carlo Sucuangco <necafasu@gmail.com>
Date:   Sat Mar 7 20:23:53 2026 +0800

    Fix session cookie when guest creates account at checkout (#63335)

    * Fix session cookie when guest creates account at checkout

    * Add changefile(s) from automation for the following project(s): woocommerce

    * adjustments

    * Fix PHPCS array alignment warning in session handler test

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---------

    Co-authored-by: woocommercebot <woocommercebot@users.noreply.github.com>
    Co-authored-by: Nadir Seghir <nadir.seghir@gmail.com>
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

diff --git a/plugins/woocommerce/changelog/63335-fix-63310-session-cookie-guest-to-user b/plugins/woocommerce/changelog/63335-fix-63310-session-cookie-guest-to-user
new file mode 100644
index 00000000000..b88823c6d8f
--- /dev/null
+++ b/plugins/woocommerce/changelog/63335-fix-63310-session-cookie-guest-to-user
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Fix session cookie when guest creates account during checkout.
\ No newline at end of file
diff --git a/plugins/woocommerce/includes/class-wc-session-handler.php b/plugins/woocommerce/includes/class-wc-session-handler.php
index fcc0dd5b2dc..209ddfd2aa6 100644
--- a/plugins/woocommerce/includes/class-wc-session-handler.php
+++ b/plugins/woocommerce/includes/class-wc-session-handler.php
@@ -237,6 +237,11 @@ class WC_Session_Handler extends WC_Session {
 		 * @param string $user_session_id The Customer ID that the former session was converted to.
 		 */
 		do_action( 'woocommerce_guest_session_to_user_id', $guest_session_id, $this->_customer_id );
+
+		$this->set_session_expiration();
+		$this->update_session_timestamp( $this->get_customer_id(), $this->_session_expiration );
+		// Set cookie to user session. Otherwise next request still has guest id and the session is empty.
+		$this->set_customer_session_cookie( true );
 	}

 	/**
diff --git a/plugins/woocommerce/tests/legacy/unit-tests/session/class-wc-tests-session-handler.php b/plugins/woocommerce/tests/legacy/unit-tests/session/class-wc-tests-session-handler.php
index 822b63e7b1d..638f75862b6 100644
--- a/plugins/woocommerce/tests/legacy/unit-tests/session/class-wc-tests-session-handler.php
+++ b/plugins/woocommerce/tests/legacy/unit-tests/session/class-wc-tests-session-handler.php
@@ -252,6 +252,70 @@ class WC_Tests_Session_Handler extends WC_Unit_Test_Case {
 		$this->assertNotNull( $this->get_session_from_db( '1' ) );
 	}

+	/**
+	 * @testdox After guest becomes user, we set the session cookie so the next request gets the user session.
+	 */
+	public function test_migrate_guest_session_to_user_session_sets_customer_session_cookie() {
+		global $wpdb;
+
+		$guest_session_id   = 't_' . wc_rand_hash( '', 30 );
+		$session_expiration = time() + 50000;
+		$session_expiring   = time() + 5000;
+		$user_id            = 1;
+		$guest_session_data = array( 'cart' => 'migrated cart' );
+
+		$wpdb->insert(
+			$wpdb->prefix . 'woocommerce_sessions',
+			array(
+				'session_key'    => $guest_session_id,
+				'session_value'  => maybe_serialize( $guest_session_data ),
+				'session_expiry' => $session_expiration,
+			),
+			array( '%s', '%s', '%d' )
+		);
+
+		wp_cache_set(
+			WC_Cache_Helper::get_cache_prefix( WC_SESSION_CACHE_GROUP ) . $guest_session_id,
+			$guest_session_data,
+			WC_SESSION_CACHE_GROUP,
+			$session_expiration - time()
+		);
+
+		wp_set_current_user( $user_id );
+
+		$handler = $this
+			->getMockBuilder( WC_Session_Handler::class )
+			->setMethods( array( 'get_session_cookie' ) )
+			->getMock();
+
+		$handler
+			->method( 'get_session_cookie' )
+			->willReturn( array( $guest_session_id, $session_expiration, $session_expiring, 'cookie_hash' ) );
+
+		$session_cookie_value = null;
+		$capture_cookie       = function ( $enabled, $name, $value ) use ( &$session_cookie_value ) {
+			if ( strpos( (string) $name, 'woocommerce_session' ) !== false ) {
+				$session_cookie_value = $value;
+			}
+			return false;
+		};
+		add_filter( 'woocommerce_set_cookie_enabled', $capture_cookie, 10, 3 );
+
+		$handler->init_session_cookie();
+
+		remove_filter( 'woocommerce_set_cookie_enabled', $capture_cookie );
+		wp_set_current_user( 0 );
+
+		$this->assertNotNull( $session_cookie_value, 'Session cookie was set.' );
+		$this->assertStringStartsWith( (string) $user_id . '|', $session_cookie_value, 'Cookie has user id, not guest id.' );
+
+		// User gets 1 week, guest gets 2 days. Cookie must be 1 week.
+		$parts = explode( '|', $session_cookie_value );
+		$this->assertCount( 4, $parts, 'Cookie value has 4 parts.' );
+		$cookie_expiration = (int) $parts[1];
+		$this->assertGreaterThanOrEqual( time() + 6 * DAY_IN_SECONDS, $cookie_expiration, 'Cookie expires in about a week.' );
+	}
+
 	/**
 	 * Test that method destroys session when all conditions are met.
 	 */