Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21
  1. #11
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    11,229
    Plugin Contributions
    80

    Default Re: Session expired after some payments instead of checkout_success

    Quote Originally Posted by kalm View Post
    Now tried the second code, but it got worst. It started to log me out of my account every time after payment.
    Before I could't catch this in Safari, but with second code same problem started on Safari too - logged out after every payment.
    Changed back to first variant - works on Safari again. At least did not log me out after several attempts.
    Try using the second variant, but also create a file named /includes/extra_datafiles/set_samesite_cookie.php containing:

    PHP Code:
    <?php
    define
    ('COOKIE_SAMESITE''none');
    That will enable you to use the updated version (which will be applied on a zc157a upgrade) and keep the Samesite=None setting.

  2. #12
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Thank you, Cindy!
    Seems to be it started to work
    At least my 10 attempts did not catch the problem. Also on Developer Tool Console I do not see blocked cookies any more when I come back to store after payment.
    Need to test for few days for I can say for sure a problem is solved.
    I will come with the update.

  3. #13
    Join Date
    Oct 2013
    Location
    Canada
    Posts
    23
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Thanks Cindy, second variant of that code with the extra file worked for me too.

  4. #14
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Hi!

    I was testing the change for a few days. Not many real orders were paid via Bambora I have problem with. First 9 orders were placed with no problem, but today I got one order with time_out page.
    This is customer's session before payment:

    Name:  Screenshot 2020-09-02 at 15.03.29.jpg
Views: 268
Size:  11.7 KB

    I am not sure what browser he was using.

    I was trying to recreate the problem myself in Chrome. Before the update Cindy offered, I could easily get time_out page just pushing Confirm Order Button, going to Bambora's payment page and cancel payment. But now I couldn't, even trying over 30 times. Same with Safari.

    But here he is, the customer with real order, who gets the time_out page again

  5. #15
    Join Date
    Jul 2012
    Posts
    16,386
    Plugin Contributions
    17

    Default Re: Session expired after some payments instead of checkout_success

    Quote Originally Posted by kalm View Post
    Hi!

    I was testing the change for a few days. Not many real orders were paid via Bambora I have problem with. First 9 orders were placed with no problem, but today I got one order with time_out page.
    This is customer's session before payment:

    Name:  Screenshot 2020-09-02 at 15.03.29.jpg
Views: 268
Size:  11.7 KB

    I am not sure what browser he was using.

    I was trying to recreate the problem myself in Chrome. Before the update Cindy offered, I could easily get time_out page just pushing Confirm Order Button, going to Bambora's payment page and cancel payment. But now I couldn't, even trying over 30 times. Same with Safari.

    But here he is, the customer with real order, who gets the time_out page again
    When looking over the sequence of events/visits by that visitor, what time differences are involved? Even if the above corrections fixed the base problem, if the session expires along the checkout process then a time_out will be presented. Yes, it has an unfortunate effect on the sale and record keeping if the initial transaction can not be tied back to what is likely a completed financial transaction.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  6. #16
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    I was watching this particular customer placing an order on Who's online page. Is was not many seconds from the moment he pushed Confirm Order button and after the payment appeared back to store with time_out and new session id number. So it this case problem is not that the session just expired.

    Just wondering, if now the problem is not Samesite cookies anymore (it can't be as the code 100% fixed it, right?), what else it can be?

    As plugin itself, I contacted Bambora and informed them about my problem. If it is a plugin issue...

  7. #17
    Join Date
    Aug 2020
    Location
    Finland
    Posts
    12
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Unfortunately, I am still getting time_outs from time to time. Problem is not 100% fixed.

  8. #18
    Join Date
    Jul 2004
    Posts
    165
    Plugin Contributions
    0

    Default Re: Session expired after some payments instead of checkout_success

    Quote Originally Posted by kalm View Post
    Unfortunately, I am still getting time_outs from time to time. Problem is not 100% fixed.
    Did you every resolve this?

  9. #19
    Join Date
    Oct 2013
    Location
    MTL
    Posts
    66
    Plugin Contributions
    2

    Default Re: Session expired after some payments instead of checkout_success

    It seems that changes made to Chromium browsers have increased the number of session timeout when completing a payment and being redirected back to the store to generate an order if.

    HTML Code:
    Zen Cart 1.5.7
    Database Patch Level: 1.5.7
    v1.5.7   [2020-12-18 18:45:24]   (Version Update 1.5.6->1.5.7)
    v1.5.6c   [2020-12-18 18:45:04]   (Version Update 1.5.5->1.5.6c)
    v1.5.5a   [2016-08-17 00:53:15]   (Version Update 1.5.4->1.5.5a)
    v1.5.4   [2016-08-17 00:53:09]   (Version Update 1.5.3->1.5.4)
    v1.5.3   [2016-08-17 00:53:01]   (Version Update 1.5.2->1.5.3)
    v1.5.2   [2016-08-17 00:52:49]   (Version Update 1.5.1->1.5.2)
    v1.5.2   [2016-08-17 00:50:14]   (Version Update 1.5.1->1.5.2)
    v1.5.2   [2016-08-17 00:49:04]   (Version Update 1.5.1->1.5.2)
    v1.5.1   [2013-11-04 07:00:39]   (New Installation)
    v1.5.1   [2013-11-04 07:00:39]   (New Installation)
    I am using Moneris hosted Pay Page which does redirect the user back to thee store when a payment is cleared. Unfortunately, I have not been able to pin it down to anything yet and I read here and there that others are experiencing it but not can't tell the scale of the problem.

    The site does use and Force SSL on all pages.

    my init_session file has
    Code:
    $samesite = (defined('COOKIE_SAMESITE')) ? COOKIE_SAMESITE : 'lax';
    if (!in_array($samesite, ['lax', 'strict', 'none'])) $samesite = 'lax';
    
    
    if (PHP_VERSION_ID >= 70300) {
      session_set_cookie_params([
        'lifetime' => 0,
        'path' => $path,
        'domain' => (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''),
        'secure' => $secureFlag,
        'httponly' => true,
        'samesite' => $samesite,
      ]);
    } else {
      session_set_cookie_params(0, $path .'; samesite='.$samesite, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, true);
    }
    and my HTTPD config has the following
    Code:
    Header set Set-Cookie HttpOnly;Secure;SameSite=None
    #Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    Header always set X-Frame-Options DENY
    TraceEnable Off
    Based on my testing (I don't have a mac to test with), Microsoft Edge the original is the only one that worked for me.

    I checked version 1.5.7C for any possible changes and there is nothing there that would address this issue of session timeout upon being redirected from payment gateway.

    So I decide I am getting lots of heat getting customer charged and not having an order ID. knowing I am running PHP 7.2, I changed init_session.php to this
    Code:
    if (PHP_VERSION_ID <= 70300) {
    and that seems to work. Since I just made the change today, I can't tell in real life application whether it is successful or not.

    I welcome feedback on the matter.

  10. #20
    Join Date
    Jan 2004
    Posts
    66,350
    Blog Entries
    7
    Plugin Contributions
    271

    Default Re: Session expired after some payments instead of checkout_success

    You can probably resolve it with this instead:

    Create a file named /includes/extra_configures/samesite_cookie.php containing the following:


    Code:
    <?php
    // -----
    // Samesite cookie needs to be 'none' when doing offsite payment gateway redirects
    //
    define('COOKIE_SAMESITE', 'none');
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. v155 Impossible checkout (Immediate expired session) after server move
    By xavierpages in forum Upgrading to 1.5.x
    Replies: 7
    Last Post: 26 Jul 2016, 01:22 AM
  2. v137 Whoops! Your session has expired. Session Question.
    By weblamer in forum Upgrading to 1.5.x
    Replies: 5
    Last Post: 7 Jun 2015, 07:20 PM
  3. v151 Session Expired problem after installed the stock per atribute plugin
    By alexandregsalves in forum General Questions
    Replies: 0
    Last Post: 30 Jun 2013, 11:23 PM
  4. Whoops! Your session has expired. after paypal continue, since webserver upgraded
    By Justwade in forum PayPal Express Checkout support
    Replies: 15
    Last Post: 12 Jan 2010, 03:03 AM
  5. suddenly 'whoops your session has expired' with Secure Trading payments
    By PhillipHarrison in forum Addon Payment Modules
    Replies: 3
    Last Post: 18 Mar 2009, 01:30 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR