
I have a website where users can buy stuff. For the payment, users are redirected to the bank site -> do the payment -> get back to the site.

Lately, after users get back to the site, they lose their previous session and have to log in again! I'm guessing this is related to the Google Chrome cookie policy after version +84.

I'm using Phalcon 3.4, and the cookies don't have a setOptions function to use sameSite=None; the set function doesn't take the sameSite option though.

public function set($name, $value = null, $expire = 0, $path = '/', $secure = null, 
                    $domain = null, $httpOnly = null)

And sessions don't have a setting to use the PHPSESSID with sameSite=None.

I've seen a couple of workarounds and none of them are working.

Option 1: set this in htaccess: Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure

Option 2: set this header globally for the app: header('SameSite=None; Secure');

PS: My current PHP version: 7.2, Apache 2.4

Q: How do I start my session?

A: Using DI

$di->setShared('session', function (){
    $session = new SessionAdapter();
    $session->start();
    return $session;
});

Q: Do I use SSL for my site?

A: YES

Q: Do all of the sites in the middle (going to the bank and redirecting) use SSL?

A: YES

Q: What is the problem?

A: After the redirect, the session is NULL

Thanks!

大陸北方網友
Hamid Salari

1 Answer


After spending some time on other questions and testing a lot of possible solutions, I managed to save the session on the bank response.

Thanks to the comment from talal for redirecting me to where I should go.

For this specific environment (Phalcon 3.4, PHP 7.2), the best way was:

1 - Use the ini_set function to set session.cookie_path to / and add samesite=none; secure to the end of it.

2 - The working example in Phalcon below:

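$di->setShared('session', function () use ($config) {
    if (getenv("ENVIRONMENT") != "development") {
        // PHP 7.2 has no session.cookie_samesite setting (added in PHP 7.3),
        // so the attributes are appended to the cookie path and end up in the
        // Set-Cookie header of the session cookie.
        ini_set('session.cookie_path', "/; samesite=none; secure");
    }
    $session = new SessionAdapter();
    $session->start();
    return $session;
});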

Hamid Salari
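A version-aware variant of the workaround in the answer above, as an added example that is not part of the original post: on PHP 7.3+ it uses the native `samesite` cookie option, and on older versions it falls back to the path trick, while setting `Secure` through PHP's real cookie flag. The function names and the HttpOnly choice are assumptions made for this illustration.

```php
<?php
// Added example, not the answer author's code. Helper names are hypothetical.
// Call configureCrossSiteSessionCookie() before the session starts, e.g. just
// above `$session->start()` inside the DI closure.

function configureCrossSiteSessionCookie(bool $isHttps): bool
{
    if (!$isHttps) {
        // SameSite=None is only honoured together with Secure, so plain-HTTP
        // environments (e.g. local development) keep PHP's default cookie.
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('Set cookie parameters before session_start()');
    }
    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ accepts an options array with a real "samesite" key.
        session_set_cookie_params([
            'lifetime' => 0,
            'path'     => '/',
            'secure'   => true,
            'httponly' => true, // assumption: no script needs to read the cookie
            'samesite' => 'None',
        ]);
    } else {
        // PHP < 7.3: no samesite option, so it rides along in the path value.
        // Secure and HttpOnly are still set through the real parameters.
        session_set_cookie_params(0, '/; samesite=None', '', true, true);
    }
    return true;
}

// Summarise the attributes PHP will put on the session cookie.
function describeSessionCookie(): string
{
    $p = session_get_cookie_params();
    $sameSite = $p['samesite'] ?? '';
    if ($sameSite === '' && preg_match('/;\s*samesite=(\w+)/i', $p['path'], $m)) {
        $sameSite = $m[1]; // attribute was smuggled in through the path
    }
    return sprintf(
        'samesite=%s secure=%s httponly=%s',
        $sameSite === '' ? '(unset)' : $sameSite,
        $p['secure'] ? 'yes' : 'no',
        $p['httponly'] ? 'yes' : 'no'
    );
}

configureCrossSiteSessionCookie(true); // constructed input: request is HTTPS
echo describeSessionCookie(), PHP_EOL;
```

To confirm the result on a live site, inspect the `Set-Cookie` response header for `PHPSESSID` and check that both `SameSite=None` and `Secure` appear on it.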