• Virtuemart 3.4 prepare for the future

    This release is now ready for all our VirtueMart users. Due to the wide ranging changes we have made to underlying core functions and the removal of old VirtueMart and Joomla compatibility (which was weighing things down and slowing future developments), we have taken more time putting this release together than usual. Initial feedback from our beta testers has shown us that it has been worth the extra effort and time that it took. Here are some highlights:- Improved core - VirtueMart core now...

    Read More ...

Please consider the following changes in the layouts or API of VirtueMart 2

From VM 2.0.4 To 2.0.6

In the VirtueMart configuration, in the checkout tab, check the box "Display modal popup upon 'Add to cart'", if you want your website to behave as before.

If you use another template then the default one provided, please adapt it to those changes :

1) components/com_virtuemart/views/askquestion/tmpl/form.php
line 21 / 22

$min = VmConfig::get('vm_asks_minimum_comment_length', 50); 
$max = VmConfig::get('vm_asks_maximum_comment_length', 2000) ;


$min = VmConfig::get('asks_minimum_comment_length', 50);
$max = VmConfig::get('asks_maximum_comment_length', 2000);

2) /components/com_virtuemart/views/cart/tmpl/default_pricelist.php
- line 150, an echo was missing

Old code:


Change to



- line 339

Old code

 currencyDisplay->createPriceDiv('totalInPaymentCurrency','', $this->totalInPaymentCurrency,false); ?>

Change to

 totalInPaymentCurrency;   ?>

3) components/com_virtuemart/views/invoice/tmpl/invoice_items.php
line 163 and 175 same as number 2 in case you use a form there

4) components/com_virtuemart/views/invoice/tmpl/mail_html_pricelist.php

remove all lines and replace with

 echo $this->loadTemplate('items'); 

5) components/com_virtuemart/views/user/tmpl/edit_address.php
line 147

Old code



From VM 2.0.2 To 2.0.4

If you use another template then the default one provided, please adapt it to those changes :

1) The calls for creating the prices have been changed
The display:


has been changed to

$this->currencyDisplay->createPriceDiv('taxAmount','', $this->cart->pricesUnformatted[$pkey],false,false,$prow->quantity)

The reason for this change is that the prices are not stored anylonger in the cart to keep the session clean, so that more products can be added to the cart.
The file affected by these change is :
- all price layouts in the cart
=> /components/com_virtuemart/views/cart/tmpl/default_pricelist.php

2) The function priceDisplay has changed


echo $this->currency->priceDisplay( $item->product_basePriceWithTax)


echo  $this->currency->priceDisplay( $item->product_basePriceWithTax ,0, $qtt)

Files affected are:

=> /components/com_virtuemart/views/invoice/tmpl/invoice_items.php
=> /components/com_virtuemart/views/invoice/tmpl/mail_html_pricelist.php
=> /components/com_virtuemart/views/invoice/tmpl/mail_html_pricelist.php

3) display of the single items in the cart, mails, invoice and orders
Furthermore we changed the display of the single items in the cart, mails, invoice and orders.
When you used overwrites consider to start with the new layout and add your changes again,
it may be faster and cleaner.


This Article applies to VirtueMart 1.1 only!


VirtueMart stores all user information - including the cart and it's product contents - on the server side. Only the server knows what products a customer has in their cart.


 But how does the customer keep the cart?

The customer's browser stores a small cookie with the name "virtuemart". This cookie's value refers to the correct "Session ID" on the server, so the server knows what session it needs to load.
When a customer browses your shop, the browser sends the cookie value to the server each time before the page loads. The server loads the correct session and presents all the products the user has in their cart. Actually PHP cares for the Session Management.


Then why does the cart empty each time I browse to a new page?

 This could be due to many different reasons. Some of the more common ones are:-


Do NOT use VirtueMart in a framed site


If you run a VirtueMart shop in a framed site, you will run into serious problems.

  • Cookies are only stored for the domain they are set to. If www.example.com loads the shop from the domain shop.2lm2lcm.net in a frame, the cookie can't be stored for www.example.com, but only for shop.2lm2lcm.net. This prevents the cart contents from being kept.
  • Internet Explorer has very restrictive security settings. When frames come into play, it blocks cookies from other domains. You can confirm this by the red sign at the right bottom of the browser window.


Is your Session Save Path writable?


What is a "Session Save Path"?

This is the path where all the sessions' data is stored by the server. If this path is not writable, no sessions will be stored at all. This results in empty carts, because the information about which product was added into a cart couldn't be saved.


You can overcome this issue by checking your session save path. In the Administration Backend go to "System" => "System Info". In the section "Relevant PHP Settings" you will find the value for the session save path. Now make sure this directory exists AND is writable.


You're using Shared SSL certificates?


Shared SSL allows you to use a SSL certificate at a very low price. The downside is that you share the certificate with other users of the same provider.

The problem with Shared SSL is that it uses a domain other than your shop domain. As explained above, cookies are only valid for the domain where they are set.

So even if exactly the same site loads on a new domain - all login information and the cart contents are gone.

Luckily VirtueMart has a mechanism that copies the session information from the "http" domain to the "https" domain, so the customer can proceed smoothly in the checkout.

Here it is absolutely necessary to keep your "image directory" (/components/com_virtuemart/shop_image/) writable.



Keep VirtueMart and Joomla! up-to-date!


Different versions of Joomla! come with different session mechanisms and cookie names. This tohuwabohu makes it hard for VirtueMart to stay compatible with all those versions. There are known incompatibilities with

  • VirtueMart 1.0.4 and Mambo 4.5.3
  • VirtueMart 1.0.2 and Joomla! >= 1.0.7
  • VirtueMart ? 1.0.3 and Joomla! > 1.0.8


 You're using Mambo >= 4.5.3 ?


When using Mambo 4.5.3 and a VirtueMart version earlier than 1.0.5 it's recommended to follow these intructions.


You're using a bridged Forum (SMF) ?


Please follow the instructions from this topic.

Note: All code changes affect the file /administrator/components/com_virtuemart/classes/ps_session.php.


 Shared SSL Fix by Asterix:


I was having cart drop problems and problems even just with the SSL redirect in general (cluster server for http seperate https:// with different urls for secure server (i.e. https://secure1.myhost/mydomain). Disable SEF URLs and change your .htaccess like this:

##  Can be commented out if causes errors, see notes above.
#<IfModule mod_php5.c>
#Options +FollowSymLinks
#  mod_rewrite in use

RewriteEngine On

#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

RewriteBase /

########## Begin - Joomla! core SEF Section
############# Use this section if using ONLY Joomla! core SEF
## ALL (RewriteCond) lines in this section are only required if you actually
## have directories named 'content' or 'component' on your server
## If you do not have directories with these names, comment them out.
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
##RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR]         ##optional - see notes##
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
#RewriteRule ^(content/|component/) index.php
########## End - Joomla! core SEF Section

########## Begin - 3rd Party SEF Section
############# Use this section if you are using a 3rd party (Non Joomla! core) SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc
RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR]         ##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php
########## End - 3rd Party SEF Section

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
# Block out any script trying to set a mosConfig value through the URL
#RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
#RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
#RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
#RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
#RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
#RewriteRule ^(.*)$ index.php [F,L]
########## End - Rewrite rules to block out some common exploits

It's also important to check with your host to see how they handle session variables if you run on a similar model. And try uncommenting the security blocking (Apache Module "mod_security") and re-enabling sef urls in the .htaccess after you get it working.


I just wanted to let you know how impressed I am with Virtuemart now. I had toyed around with Virtuemart earlier in 2008 and it is amazing at the difference between there and now. You people are doing great work!
Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information Ok Decline