Session reset after returning from payment gateway

If you are running Joomla 3.x and Virtuemart 3.x please post to this forum your questions or support tickets about One Page Checkout

Postby admin » Mon Jan 18, 2021 10:13 pm

Hello friends, I've spent a few hours on this one, so let me share this with you.

The problem:
When you return from a gateway (in my case GP Web Pay), the cart is cleared, the session is reset and the user gets logged out.

Why:
Because we implemented a "Strict" same site policy for cookies, as we thought it means the cookies are not shared with 3rd parties, but it seems to mean something else. If your customer returns from a gateway while the gateway does a POST back to your site and you are using a Lax or Strict session cookie, this cookie will not be part of the request and thus Joomla resets this.

Solution:
Lowering your session same site to strictly "None" and "Secure" allows the cookie to be sent with the return POST header and your user will not get logged out.

To fix this, depending on your php.ini access, you can alter php.ini like this, or create .user.ini within the root of your Joomla:


session.cookie_secure=1
session.cookie_samesite="None"

The above 2 are what is required for the cookie to work.

Optional config to make sure all php and joomla cookies are OK:
session.cookie_path="/"
session.cookie_httponly=1
session.cookie_domain=".{your domain here}"


Using the recommended "Lax" or "Strict" for cookies for ecommerce sites which are using 3rd party payment gateways may not work properly. It is a pity Google implements these measures, but fails to whitelist exceptions with custom headers...

Hope this helps you,

best regards, stan
admin
Site Admin
 
Posts: 2708
Joined: Wed Jan 06, 2010 11:43 pm
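
Added example (not part of the original post and not Joomla or VirtueMart code): a simplified Python model of the browser's SameSite decision, showing which session cookie settings survive the gateway's cross-site POST return described in the post. The cookie name `sessid`, the sample Set-Cookie values and the function names are constructed; it assumes all requests are HTTPS and that a missing SameSite attribute is treated as Lax.

```python
# Added example: simplified model of a browser's SameSite decision.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def browser_sends(set_cookie, method, cross_site=True, top_level=True):
    """True if the cookie would accompany the described HTTPS request."""
    _, attrs = parse_set_cookie(set_cookie)
    # Assumption: a missing attribute is treated as Lax (Chromium default).
    policy = attrs.get("samesite", "lax").lower()
    if policy == "none" and "secure" not in attrs:
        return False  # browsers reject SameSite=None without Secure when it is set
    if not cross_site or policy == "none":
        return True
    if policy == "strict":
        return False
    # Lax (and unknown values): only safe-method top-level navigations.
    return top_level and method.upper() in SAFE_METHODS

# Constructed Set-Cookie values; "sessid" is a placeholder cookie name.
SAMPLES = {
    "strict": "sessid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "lax": "sessid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "none_secure": "sessid=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "none_insecure": "sessid=abc123; Path=/; HttpOnly; SameSite=None",
}

def gateway_return_report(samples=SAMPLES):
    """Per cookie: sent on the gateway's POST return, on a GET redirect
    return, and on a cross-site POST that is not a top-level navigation?"""
    return {
        label: {
            "post_return": browser_sends(sc, "POST"),
            "get_return": browser_sends(sc, "GET"),
            "embedded_post": browser_sends(sc, "POST", top_level=False),
        }
        for label, sc in samples.items()
    }

if __name__ == "__main__":
    for label, row in gateway_return_report().items():
        print(f"{label:14} {row}")
```

With SameSite=None the cookie also accompanies cross-site POSTs that are not top-level navigations (the `embedded_post` column), so the site's own form tokens remain the CSRF check on those requests.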
