I am developing a payment module. I am in the final phase. OCSESSID information changes on the page where I direct the user after the payment transaction. That's why I can't access the information. This happens on an average of 40 percent of orders. I did a lot of research but could not find the solution.
Why do you need it to stay the same?akadirabus wrote: ↑Wed Feb 24, 2021 2:33 amI am developing a payment module. I am in the final phase. OCSESSID information changes on the page where I direct the user after the payment transaction. That's why I can't access the information. This happens on an average of 40 percent of orders. I did a lot of research but could not find the solution.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
If you are directing the customer back with a POST you will lose session due to the SameSite default now being Lax for modern web browsers. Direct the customer back with a GET or configure your OCSESSID cookie to have SameSite None and Secure. viewtopic.php?f=202&t=219633#p797082akadirabus wrote: ↑Wed Feb 24, 2021 2:33 amI am developing a payment module. I am in the final phase. OCSESSID information changes on the page where I direct the user after the payment transaction. That's why I can't access the information. This happens on an average of 40 percent of orders. I did a lot of research but could not find the solution.
for to use user information and order information after payment and a very negative situation in terms of user experience.
paulfeakins wrote: ↑Wed Feb 24, 2021 6:57 pmWhy do you need it to stay the same?akadirabus wrote: ↑Wed Feb 24, 2021 2:33 amI am developing a payment module. I am in the final phase. OCSESSID information changes on the page where I direct the user after the payment transaction. That's why I can't access the information. This happens on an average of 40 percent of orders. I did a lot of research but could not find the solution.
I've tried it before but it didn't work.
I can't find a solution on this issue. This is the only one left. The product is ready, but we don't want to complete it without fixing this problem.
I can't find a solution on this issue. This is the only one left. The product is ready, but we don't want to complete it without fixing this problem.
ADD Creative wrote: ↑Wed Feb 24, 2021 7:55 pmIf you are directing the customer back with a POST you will lose session due to the SameSite default now being Lax for modern web browsers. Direct the customer back with a GET or configure your OCSESSID cookie to have SameSite None and Secure. viewtopic.php?f=202&t=219633#p797082akadirabus wrote: ↑Wed Feb 24, 2021 2:33 amI am developing a payment module. I am in the final phase. OCSESSID information changes on the page where I direct the user after the payment transaction. That's why I can't access the information. This happens on an average of 40 percent of orders. I did a lot of research but could not find the solution.
Have you used your web browser's development tools network tab, cookie inspector and error messages?akadirabus wrote: ↑Wed Feb 24, 2021 10:47 pmI've tried it before but it didn't work.
I can't find a solution on this issue. This is the only one left. The product is ready, but we don't want to complete it without fixing this problem.
I'm checked the console. I attached the warning content. I tried again in the link you sent.
I got the same warning but this time when I go to any link, the user session has resumed. I could not understand. In other words, when I am directed to the successful page, I encounter incorrect OCSESSID, but when I click on another link from the same page, OCSESSID changes and it actually happens.
Warning is available on the link
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
I got the same warning but this time when I go to any link, the user session has resumed. I could not understand. In other words, when I am directed to the successful page, I encounter incorrect OCSESSID, but when I click on another link from the same page, OCSESSID changes and it actually happens.
Warning is available on the link
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
ADD Creative wrote: ↑Thu Feb 25, 2021 12:47 amHave you used your web browser's development tools network tab, cookie inspector and error messages?akadirabus wrote: ↑Wed Feb 24, 2021 10:47 pmI've tried it before but it didn't work.
I can't find a solution on this issue. This is the only one left. The product is ready, but we don't want to complete it without fixing this problem.
Do you return to your payment success page with a POST or a GET?akadirabus wrote: ↑Thu Feb 25, 2021 3:14 amI'm checked the console. I attached the warning content. I tried again in the link you sent.
I got the same warning but this time when I go to any link, the user session has resumed. I could not understand. In other words, when I am directed to the successful page, I encounter incorrect OCSESSID, but when I click on another link from the same page, OCSESSID changes and it actually happens.
Warning is available on the link
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
Is your site using HTTPS everywhere?
What version of OpenCart?
What version of PHP?
Return with GET method.
Not HTTPS, My server is HTTP. Could it be because of HTTP?
Version: 3.0.3.7
PHP: 7.1
Not HTTPS, My server is HTTP. Could it be because of HTTP?
Version: 3.0.3.7
PHP: 7.1
ADD Creative wrote: ↑Thu Feb 25, 2021 4:02 amDo you return to your payment success page with a POST or a GET?akadirabus wrote: ↑Thu Feb 25, 2021 3:14 amI'm checked the console. I attached the warning content. I tried again in the link you sent.
I got the same warning but this time when I go to any link, the user session has resumed. I could not understand. In other words, when I am directed to the successful page, I encounter incorrect OCSESSID, but when I click on another link from the same page, OCSESSID changes and it actually happens.
Warning is available on the link
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
Is your site using HTTPS everywhere?
What version of OpenCart?
What version of PHP?
If I correctly understand, you need old session_id... I don't know why, but you can add current session_id when order is placed to your return link something like this:
and if you use GET method retrieve it:
Where order_secret will be your old session_id...
Code: Select all
$return_url = $this->url->link('extension/payment/your_payment_module/backToShop&order_secret=' . $this->session->getId());
Code: Select all
if (isset($this->request->get['order_secret'])) {
$order_secret = $this->request->get['order_secret'];
} else {
$order_secret = '';
}
Custom OpenCart modules and solutions. You can write PM with additional questions... Extensions you can find here
If you are not using HTTPS then SameSite=None will not work as this needs the Secure flag and that will stop the cookie being read if the connection is not secure. If you are returning with a GET then the default of SameSite=Lax should work anyway. The PHP 7.1 setcookie function works differently to 7.3 so if you did want to set SameSite you have to do it in a slightly different way.akadirabus wrote: ↑Thu Feb 25, 2021 4:51 amReturn with GET method.
Not HTTPS, My server is HTTP. Could it be because of HTTP?
Version: 3.0.3.7
PHP: 7.1
You can use the Chrome developer tools network tab to see what happening with your cookies when you return to the success page. Use the "Has blocked cookies" option to check if the problem is with cookies. See: https://www.chromium.org/updates/scheme ... work-Panel
Be careful passing session IDs like this as it can lead to session fixation issues.kestas wrote: ↑Thu Feb 25, 2021 5:40 amIf I correctly understand, you need old session_id... I don't know why, but you can add current session_id when order is placed to your return link something like this:and if you use GET method retrieve it:Code: Select all
$return_url = $this->url->link('extension/payment/your_payment_module/backToShop&order_secret=' . $this->session->getId());
Where order_secret will be your old session_id...Code: Select all
if (isset($this->request->get['order_secret'])) { $order_secret = $this->request->get['order_secret']; } else { $order_secret = ''; }
@ADD Creative, Yes your are right.ADD Creative wrote: ↑Thu Feb 25, 2021 8:20 am
Be careful passing session IDs like this as it can lead to session fixation issues.
To prevent that, OP can read: https://stackoverflow.com/questions/508 ... -hijacking
Custom OpenCart modules and solutions. You can write PM with additional questions... Extensions you can find here
I hav tried. I moved session_id like this.
and set session_id like this
Two different cookies occurred. You can look at the link.
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
Code: Select all
$url_fail = $this->url ->link('extension/payment/x/fail&oid=' . $this->session->data['order_id'] . "&us=" . $this->session->getId());
$url_ok = $this->url ->link('extension/payment/x/success&oid=' . $this->session->data['order_id']. "&us=" . $this->session->getId());
Code: Select all
$session_id = $_GET['us'];
setcookie('OCSESSID', $session_id, ['samesite' => 'None', 'secure' => true]);
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
kestas wrote: ↑Thu Feb 25, 2021 5:40 amIf I correctly understand, you need old session_id... I don't know why, but you can add current session_id when order is placed to your return link something like this:and if you use GET method retrieve it:Code: Select all
$return_url = $this->url->link('extension/payment/your_payment_module/backToShop&order_secret=' . $this->session->getId());
Where order_secret will be your old session_id...Code: Select all
if (isset($this->request->get['order_secret'])) { $order_secret = $this->request->get['order_secret']; } else { $order_secret = ''; }
You will have 2 different cookies as the cookie is already set in catalog/controller/startup/session.php. Passing the session this way in not the way to solve your problem and will only cause you more issues.akadirabus wrote: ↑Thu Feb 25, 2021 2:55 pmI hav tried. I moved session_id like this.
and set session_id like thisCode: Select all
$url_fail = $this->url ->link('extension/payment/x/fail&oid=' . $this->session->data['order_id'] . "&us=" . $this->session->getId()); $url_ok = $this->url ->link('extension/payment/x/success&oid=' . $this->session->data['order_id']. "&us=" . $this->session->getId());
Two different cookies occurred. You can look at the link.Code: Select all
$session_id = $_GET['us']; setcookie('OCSESSID', $session_id, ['samesite' => 'None', 'secure' => true]);
https://www.notion.so/Warning-65a684e15 ... 4fd501c5e9
I can see from your screenshot that you are using the cookie secure flag but you have said you are not using HTTPS. This is not correct.
See the post here on how to debug your issue. viewtopic.php?p=815175#p815175
Who is online
Users browsing this forum: JessiesBoutique, SelfSus, softmonke, systemmaker, tilly and 521 guests