Results 1 to 6 of 6
  1. #1
    Join Date
    Dec 2014
    Location
    Barrie, ON Canada
    Posts
    14
    Plugin Contributions
    0

    Default Whoops! Your Session has Expired - Authorize.net (SIM) (v1.5.7c)

    ZC Version: 1.5.7c (downloaded and upgraded from the Zen-Cart Site using the recommended procedure of running a duplicate site)
    PHP Version: 7.4.16
    MySQL Version: 5.7.23-23
    Theme: Dover Fine (rewritten by original creator to work on 1.5.7)
    Plugin: Zen_Lightbox 1.6.b
    Plugin: Email_Transfer_Mod 1.5.7c
    Payment Plugin: Authorize.net (SIM) (came with download of Zen Cart)
    Store URL: https://historicaltwiststore.com

    This error has a lot of various threads throughout the Forums, however none that I could find on v1.5.7c.

    This error is occurring when being redirected back to Zen Cart from Authorize.net.

    The order is being written properly to Zen Cart. The payment is being processed correctly... it's just not reporting to the customer a successful transaction.

    The default Relay Response URL at Authorize.net is set to <full url>/index.php?main_page=checkout_process&action=confirm

    I have also tried...

    <full url>/index.php?main_page=checkout_process (with no difference).

    I have confirmed that my browser can accept cookies.

    I have confirmed that the server "hash_bit_number" (can't remember the exact value I searched for and can't find that post again) isn't 6. In fact there isn't this setting in the server/info.

    I've tried the various other fixes, but none seem relevant.

    Does anyone have any idea how to solve this problem?

    Thanks in advance.

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Whoops! Your Session has Expired - Authorize.net (SIM) (v1.5.7c)

    It's very possible that this is a result of the samesite cookie rule that modern browsers are enforcing. If you want to force browsers into lower-security mode by disabling the samesite cookie rules they’re programmed to follow, then you can do the following:

    Create a file named includes/extra_configures/samesite_cookie.php containing the following:


    Code:
    <?php
    // -----
    // Samesite cookie needs to be 'none' when doing offsite payment gateway redirects
    //
    define('COOKIE_SAMESITE', 'none');
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jun 2011
    Posts
    20
    Plugin Contributions
    0

    Default Re: Whoops! Your Session has Expired - Authorize.net (SIM) (v1.5.7c)

    I am having the same problem. I am using v1.5.4 and adding the includes/extra_configures/samesite_cookie.php doesn't solve the problem. Do I have to modify includes/init_includes/init_sessions.php? I do not believe v1.5.4 is using COOKIE_SAMESITE.
    The current code is:
    PHP Code:
    if (PHP_VERSION >= '5.2.0') {
      
    session_set_cookie_params(0$path, (zen_not_null($cookieDomain) ? $domainPrefix $cookieDomain ''), $secureFlagTRUE);
    } else {
      
    session_set_cookie_params(0$path, (zen_not_null($cookieDomain) ? $domainPrefix $cookieDomain ''), $secureFlag);


  4. #4
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: Whoops! Your Session has Expired - Authorize.net (SIM) (v1.5.7c)

    Quote Originally Posted by jarmilka View Post
    I am having the same problem. I am using v1.5.4 and adding the includes/extra_configures/samesite_cookie.php doesn't solve the problem. Do I have to modify includes/init_includes/init_sessions.php? I do not believe v1.5.4 is using COOKIE_SAMESITE.
    The current code is:
    PHP Code:
    if (PHP_VERSION >= '5.2.0') {
      
    session_set_cookie_params(0$path, (zen_not_null($cookieDomain) ? $domainPrefix $cookieDomain ''), $secureFlagTRUE);
    } else {
      
    session_set_cookie_params(0$path, (zen_not_null($cookieDomain) ? $domainPrefix $cookieDomain ''), $secureFlag);

    You're correct; the same-site cookie requirement has been imposed in the last 6 1/2 years (zc154 was released 2016-12-31) and neither your Zen Cart version nor (most likely) the version of PHP you're running on 'understand' how to set that cookie.

    Here's a code snippet that you can use to replace the above section of your init_sessions.php to bring it up-to-level while you plan your upgrade to the current Zen Cart version (zc157c at the time of this writing):
    Code:
    //-bof-20200926-lat9: Setting samesite cookies
    //session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
    $samesite = (defined('COOKIE_SAMESITE')) ? COOKIE_SAMESITE : 'lax';
    if (!in_array($samesite, array('lax', 'strict', 'none'))) $samesite = 'lax';
    
    if (PHP_VERSION_ID < 70300) {
        session_set_cookie_params(0, $path .'; samesite='.$samesite, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
    } else {
        session_set_cookie_params(array(
            'lifetime' => 0,
            'path' => $path,
            'domain' => (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''),
            'secure' => $secureFlag,
            'httponly' => TRUE,
            'samesite' => $samesite
        ));
    }
    //-eof-20200926-lat9

  5. #5
    Join Date
    Jun 2011
    Posts
    20
    Plugin Contributions
    0

    Default Re: Whoops! Your Session has Expired - Authorize.net (SIM) (v1.5.7c)

    Thank you so much lat9.
    Unfortunately, I am using quite a bit of customization so upgrade to zc157 is not that easy.

  6. #6
    Join Date
    Jun 2011
    Posts
    20
    Plugin Contributions
    0

    Default Re: Whoops! Your Session has Expired - Authorize.net (SIM) (v1.5.7c)

    I implemented the fix but I am still receiving occasionally payment and no order, however, not as often as before. Any suggestion what could be causing that?

 

 

Similar Threads

  1. v153 Authorize.net SIM module - Whoops! Your session has expired error
    By tmdeppner in forum Addon Payment Modules
    Replies: 8
    Last Post: 26 Jan 2015, 11:08 PM
  2. v151 Whoops Your Session Has Expired when using eProcessing Network SIM emulator
    By firstcapitalfirearms in forum General Questions
    Replies: 0
    Last Post: 22 Feb 2013, 07:23 PM
  3. "Your session has expired" with Authorize.net SIM
    By HDG in forum Managing Customers and Orders
    Replies: 2
    Last Post: 12 Oct 2010, 01:48 AM
  4. Authorize.net SIM module returns with "Your session has expired" and doesn't complete
    By rumoraz in forum Built-in Shipping and Payment Modules
    Replies: 0
    Last Post: 24 Sep 2008, 10:16 PM
  5. Whoops! Your session has expired. - Returning from Authorize.net
    By flash in forum Installing on a Linux/Unix Server
    Replies: 4
    Last Post: 17 Jul 2008, 06:18 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR