Bambora Payform - Session expired after some payments instead of checkout_success

[kalm]

No idea. I do not remember changing it ever. But I tried to put it to False, as it is default. No difference.

[lat9]

Does the issue occur on all browsers? I've been seeing a lot of timeouts due to the "Samesite" cookie settings on Chrome, but you've got your site setup as 'None, secure' which should be (?) fine.

[kalm]

Need to test more on other browsers. Just tried on Safari for more than 10 times, all working.
SameSite cookies is something new for me. Is it like setting in chrome (just quickly googled it)?
So if this is the issue, I should update the settings somewhere on my site to SameSite=None; Secure?

And if it is the issue, can it be random like I have it?

[lat9]

Need to test more on other browsers. Just tried on Safari for more than 10 times, all working.
SameSite cookies is something new for me. Is it like setting in chrome (just quickly googled it)?
So if this is the issue, I should update the settings somewhere on my site to SameSite=None; Secure?

And if it is the issue, can it be random like I have it?

What does your copy of /includes/init_includes/init_sessions.php (around line 43) read? Is it similar to

Code:

if (filter_var($cookieDomain, FILTER_VALIDATE_IP)) $domainPrefix = '';
$secureFlag = ((ENABLE_SSL == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:') || (ENABLE_SSL == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:')) ? TRUE : FALSE;

session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);

/**
 * set the session ID if it exists
 */
if (isset($_POST[zen_session_name()])) {
  zen_session_id($_POST[zen_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
  zen_session_id($_GET[zen_session_name()]);
}

... or to

Code:

if (filter_var($cookieDomain, FILTER_VALIDATE_IP)) $domainPrefix = '';
$secureFlag = ((ENABLE_SSL == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:') || (ENABLE_SSL == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:')) ? TRUE : FALSE;

$samesite = (defined('COOKIE_SAMESITE')) ? COOKIE_SAMESITE : 'lax';
if (!in_array($samesite, ['lax', 'strict', 'none'])) $samesite = 'lax';

session_set_cookie_params([
    'lifetime' => 0,
    'path' => $path,
    'domain' => (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''),
    'secure' => $secureFlag,
    'httponly' => true,
    'samesite' => $samesite,
]);

/**
 * set the session ID if it exists
 */
if (isset($_POST[zen_session_name()])) {
  zen_session_id($_POST[zen_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
  zen_session_id($_GET[zen_session_name()]);
}

That second version is destined for zc157a. From a browser-testing standpoint, I've found Chrome to be the most 'finicky' when it comes to those cookies.

[kalm]

Hi! Thank you for response!

I have first variant:

PHP Code:

session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE); 


[kalm]

Now tried the second code, but it got worst. It started to log me out of my account every time after payment.
Before I could't catch this in Safari, but with second code same problem started on Safari too - logged out after every payment.
Changed back to first variant - works on Safari again. At least did not log me out after several attempts.

[robertluer]

Now tried the second code, but it got worst. It started to log me out of my account every time after payment.
Before I could't catch this in Safari, but with second code same problem started on Safari too - logged out after every payment.
Changed back to first variant - works on Safari again. At least did not log me out after several attempts.

Sounds like the same problem I'm having with my epath gateway when it tries to return to the checkout_success page. See https://www.zen-cart.com/showthread....ighlight=epath

Lat9 referred to a sticky zenid issue which I would like to try and solve if I knew how.

[robertluer]

Sounds like the same problem I'm having with my epath gateway when it tries to return to the checkout_success page. See https://www.zen-cart.com/showthread....ighlight=epath

Lat9 referred to a sticky zenid issue which I would like to try and solve if I knew how.

[lat9]

Now tried the second code, but it got worst. It started to log me out of my account every time after payment.
Before I could't catch this in Safari, but with second code same problem started on Safari too - logged out after every payment.
Changed back to first variant - works on Safari again. At least did not log me out after several attempts.

Try using the second variant, but also create a file named /includes/extra_datafiles/set_samesite_cookie.php containing:

PHP Code:

<?php
define('COOKIE_SAMESITE', 'none');

That will enable you to use the updated version (which will be applied on a zc157a upgrade) and keep the Samesite=None setting.