Re: Session expired after some payments instead of checkout_success
Thank you, that did resolve the issue. I guess creating the file /includes/extra_configures/samesite_cookie.php will make it apply to the entire site vs. having the code in init_session.php (I guess this applies to session creation only).
Code:
$samesite = (defined('COOKIE_SAMESITE')) ? COOKIE_SAMESITE : 'lax';
if (!in_array($samesite, ['lax', 'strict', 'none'])) $samesite = 'lax';
Re: Session expired after some payments instead of checkout_success
Thank you for this crucial info,
Additionally, in the current state of the Chrome browser, SameSite=none; also causes an error.
You cannot even log in to the site; it automatically logs you out.
In the page error report it says a Secure connection is obligatory if SameSite=none is chosen.
So the below definition by DrByte should be changed as follows:
PHP Code:
define('COOKIE_SAMESITE', 'none; secure');
Thanks also to Scott C Wilson for putting this on Zen-Cart documentation
https://docs.zen-cart.com/user/payme...oops_timeouts/
If somebody could also update that, it could save somebody some time...
Quote: Originally Posted by DrByte
You can probably resolve it with this instead:
Create a file named /includes/extra_configures/samesite_cookie.php containing the following:
Code:
<?php
// -----
// Samesite cookie needs to be 'none' when doing offsite payment gateway redirects
//
define('COOKIE_SAMESITE', 'none');
Re: Session expired after some payments instead of checkout_success
Quote: Originally Posted by zamzom
Thank you for this crucial info,
Additionally, in the current state of the Chrome browser, SameSite=none; also causes an error.
You cannot even log in to the site; it automatically logs you out.
In the page error report it says a Secure connection is obligatory if SameSite=none is chosen.
So the below definition by DrByte should be changed as follows:
PHP Code:
define('COOKIE_SAMESITE', 'none; secure');
Please forget the previous suggestion. init_sessions.php searches for the exact phrase 'none'; if you change it, it won't work.
Page encoding should be https though, otherwise samesite 'none' will create an error.
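Added example, not part of any post above and not Zen Cart's own code: a sketch of why a value such as 'none; secure' fails an exact-match whitelist like the one quoted in this thread, and how Secure is set as a separate cookie attribute. The function name `resolve_session_cookie_options`, the fallback-to-lax choice on plain HTTP, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from Zen Cart.

/**
 * Turn a configured SameSite value into session cookie options.
 */
function resolve_session_cookie_options(string $configured, bool $isHttps): array
{
    // Exact-match whitelist, as in the snippet quoted in the thread.
    $samesite = strtolower(trim($configured));
    if (!in_array($samesite, ['lax', 'strict', 'none'], true)) {
        $samesite = 'lax'; // 'none; secure' is not an exact match, so it lands here
    }

    // Browsers reject SameSite=None cookies that lack the Secure attribute,
    // so on plain HTTP this example falls back to 'lax' (an assumption of the sketch).
    if ($samesite === 'none' && !$isHttps) {
        $samesite = 'lax';
    }

    return [
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => $isHttps, // Secure is its own attribute, never part of the SameSite string
        'httponly' => true,
        'samesite' => ucfirst($samesite),
    ];
}

// Constructed inputs: [configured value, request is HTTPS]
$cases = [
    ['none', true],
    ['none; secure', true],
    ['none', false],
    ['strict', true],
];

foreach ($cases as [$value, $https]) {
    $o = resolve_session_cookie_options($value, $https);
    printf("%-16s https=%d -> SameSite=%s%s\n",
        "'$value'", (int) $https, $o['samesite'], $o['secure'] ? '; Secure' : '');
}

// In a real request the array would be passed to session_set_cookie_params()
// before session_start(); the array form requires PHP 7.3 or later.
```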