Hello everyone,
I am using 3.0.3.2. Today I found a problem: when I finish buying by PayPal and click the "return back" button on the PayPal page, the page goes to my store.
BUT the buyer account is signed out automatically and I must log in again. BUT when I log in again, I can see the shopping cart is not cleared......
I can see that all my Google Chrome cookies are signed out automatically; my admin account in another label is signed out automatically too.....
I use Journal 3.1.8.
Thank you for your help!!
Yours, Daniel
Unsupported.
DANDTON wrote: ↑Tue Apr 20, 2021 8:58 pm
Hello everyone,
I am using 3.0.3.2. Today I found a problem: when I finish buying by PayPal and click the "return back" button on the PayPal page, the page goes to my store.
BUT the buyer account is signed out automatically and I must log in again. BUT when I log in again, I can see the shopping cart is not cleared......
I can see that all my Google Chrome cookies are signed out automatically; my admin account in another label is signed out automatically too.....
I use Journal 3.1.8.
Thank you for your help!!
Yours, Daniel
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Not an OpenCart bug, the OpenCart checkout eventually reaches the checkout/success page, and the user stays logged in, but with the shopping cart cleared after the successfully processed order. Journal3 is a different framework (80% non-Opencart) so in your case you will have to get in touch with the Journal support.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
Thank you very much! I did more tests and found that the problem seems to come from PayPal; I use PayPal Standard as the payment method. I have two methods: PayPal Standard and Free Checkout. When I test with Free Checkout, there is no problem, but when I use PayPal Standard and test with a sandbox account, this problem comes up.
JNeuhoff wrote: ↑Tue Apr 20, 2021 10:31 pm
Not an OpenCart bug, the OpenCart checkout eventually reaches the checkout/success page, and the user stays logged in, but with the shopping cart cleared after the successfully processed order. Journal3 is a different framework (80% non-Opencart) so in your case you will have to get in touch with the Journal support.
To be sure, I tried my other OpenCart websites, V1.5.6 and V3.0.2, and this problem is still there when I use PayPal Standard.
So I suspect the problem is from PayPal. I will call them tomorrow and let you know more info.
Called PayPal and got no answer, so I tried testing more and found the resolution:
1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
2. Edit document: /upload/system/framework.php, around line 110
//original cookie
//setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
//original cookie
//setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
Refresh ocmod, done.
Now test: after checkout and returning to the successful payment page, the customer is not logged out and the shopping cart is empty.
Hi,
I also faced this issue on OpenCart 4 with our Paysera payment gateway plugin, then investigated and found out about the session SameSite setting. To fix this, there is no need to write additional code. Just change it from settings:
1) Go to settings.
2) Click on Server tab.
3) Change Session Samesite Cookie from Lax/Strict to None.
4) Now make a payment and nothing will be logged out.
Had the same issue and this worked for me...many thanks :-)
DANDTON wrote: ↑Thu Apr 22, 2021 11:25 am
Called PayPal and got no answer, so I tried testing more and found the resolution:
1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
2. Edit document: /upload/system/framework.php, around line 110
//original cookie
//setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
//original cookie
//setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
Refresh ocmod, done.
Now test: after checkout and returning to the successful payment page, the customer is not logged out and the shopping cart is empty.
Newbie - OC 3.0.3.8 sites
+1
Thank you to
DANDTON for coming back with a solution
maniruzzaman for a possible solution for OC4
and frasergoconsultme for taking the time to login and say thank you and confirming it works
have a great day
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
That's not the best way to fix the issue for PayPal Standard. You can just change the rm variable to 1, as done in 3.0.3.8.
frasergoconsultme wrote: ↑Mon May 15, 2023 11:40 pm
Had the same issue and this worked for me...many thanks :-)
DANDTON wrote: ↑Thu Apr 22, 2021 11:25 am
Called PayPal and got no answer, so I tried testing more and found the resolution:
1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
2. Edit document: /upload/system/framework.php, around line 110
//original cookie
//setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
//original cookie
//setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
Refresh ocmod, done.
Now test: after checkout and returning to the successful payment page, the customer is not logged out and the shopping cart is empty.
https://github.com/opencart/opencart/pull/8072
That way you can keep using the default SameSite=Lax, which would give more protection against attacks such as CSRF. That is probably important if you are using a version older than 3.0.3.8 that does not have the security vulnerability in the PayPal Standard extension patched.
I am running 3.0.3.8 and was still having the issue until I changed the code as above.
ADD Creative wrote: ↑Tue May 16, 2023 7:48 am
That's not the best way to fix the issue for PayPal Standard. You can just change the rm variable to 1, as done in 3.0.3.8.
frasergoconsultme wrote: ↑Mon May 15, 2023 11:40 pm
Had the same issue and this worked for me...many thanks :-)
DANDTON wrote: ↑Thu Apr 22, 2021 11:25 am
Called PayPal and got no answer, so I tried testing more and found the resolution:
1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
2. Edit document: /upload/system/framework.php, around line 110
//original cookie
//setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
//original cookie
//setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
Refresh ocmod, done.
Now test: after checkout and returning to the successful payment page, the customer is not logged out and the shopping cart is empty.
https://github.com/opencart/opencart/pull/8072
That way you can keep using the default SameSite=Lax, which would give more protection against attacks such as CSRF. That is probably important if you are using a version older than 3.0.3.8 that does not have the security vulnerability in the PayPal Standard extension patched.
Newbie - OC 3.0.3.8 sites
I would check that your theme is not overriding the /catalog/view/theme/default/template/extension/payment/pp_standard.twig file or that the file isn't an old version from a previous upgrade.
frasergoconsultme wrote: ↑Tue May 16, 2023 9:09 pm
I am running 3.0.3.8 and was still having the issue until I changed the code as above.
You can also inspect the payment fields at the last step at checkout using your browser's developer tool, where you should see the following.
Code:
<input type="hidden" name="rm" value="1" />
Thanks, worked perfectly on OC v3.0.2.0
DANDTON wrote: ↑Thu Apr 22, 2021 11:25 am
Called PayPal and got no answer, so I tried testing more and found the resolution:
1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
2. Edit document: /upload/system/framework.php, around line 110
//original cookie
//setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
//original cookie
//setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
//modified cookie
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
Refresh ocmod, done.
Now test: after checkout and returning to the successful payment page, the customer is not logged out and the shopping cart is empty.
You should also be able to fix it by making the changes at the links below instead.
https://github.com/opencart/opencart/pull/8072/files
That way you can keep SameSite set to Lax, which will offer protection against CSRF vulnerabilities that None doesn't.
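Added example, not part of any post in this thread: a small JavaScript model of the trade-off discussed above, showing which combinations of PayPal return method (rm) and session-cookie SameSite value keep the customer logged in when the browser comes back from PayPal. The session id and helper names are constructed, and it assumes the template before the rm change sent rm=2, which PayPal Standard documents as a POST return (rm=1 is a GET return).

```javascript
// Added illustration; session ids and function names are constructed.
const SAFE_METHODS = new Set(['GET', 'HEAD']);

// Would a browser attach this cookie to a top-level navigation?
function cookieIsSent(cookie, { method, sameSiteRequest }) {
  if (sameSiteRequest) return true;
  switch (cookie.sameSite) {
    case 'None': return cookie.secure === true;   // None is only honoured with Secure
    case 'Lax': return SAFE_METHODS.has(method);  // cross-site GET yes, POST no
    default: return false;                        // Strict: never cross-site
  }
}

// Minimal store model: a request without a known session id gets a fresh,
// anonymous session, and the new Set-Cookie overwrites the old id in the
// browser, which is why other tabs (e.g. admin) lose their login too.
function handleReturn(sessions, cookie, request) {
  const presented = cookieIsSent(cookie, request) ? cookie.value : null;
  if (presented && sessions.has(presented)) {
    return { sessionId: presented, loggedIn: sessions.get(presented).loggedIn };
  }
  const fresh = 'new-' + (sessions.size + 1);
  sessions.set(fresh, { loggedIn: false });
  cookie.value = fresh; // old logged-in session is now unreachable
  return { sessionId: fresh, loggedIn: false };
}

// Simulate the return from PayPal (a different site) to the store.
function paypalReturn(rm, sameSite) {
  const sessions = new Map([['sess-abc', { loggedIn: true }]]);
  const cookie = { value: 'sess-abc', sameSite, secure: true };
  const request = { method: rm === 2 ? 'POST' : 'GET', sameSiteRequest: false };
  return handleReturn(sessions, cookie, request);
}

// Full matrix of return method against SameSite value.
function matrix() {
  const rows = [];
  for (const rm of [1, 2]) {
    for (const sameSite of ['Strict', 'Lax', 'None']) {
      rows.push({ rm, sameSite, loggedIn: paypalReturn(rm, sameSite).loggedIn });
    }
  }
  return rows;
}

console.table(matrix());
```

Only two rows differ between the fixes in the thread: with rm=2 the login survives only under SameSite=None, while with rm=1 it also survives under Lax, so the CSRF protection of Lax can stay in place.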