
How to fix Google Chrome SameSite of OpenCart 3.0.3.2?

Posted: Wed Aug 19, 2020 11:05 am
by HAO
I have an OpenCart 3.0.2.0 store. I know that Chrome 80 SameSite issues need to be fixed. I also saw this post:
https://github.com/opencart/opencart/issues/7946

But I still don’t understand how my version can solve this problem. Can someone tell me how to modify the file?

Thank you!

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Wed Aug 19, 2020 3:35 pm
by Rizki saputra
I have the same problem, I want to know the right answer :P

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Wed Aug 19, 2020 3:47 pm
by letxobnav
all that topic does is provide a function which produces a cookie covering the different ways the php setcookie function can be used in php versions below 7.3 and above.
It does not solve anything stated in the topic.

session cookies are set in catalog/controller/startup/session.php and system/framework.php
why twice? god only knows.

catalog/controller/startup/session.php

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
you could change that to:

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=strict', ini_get('session.cookie_domain'),true,true);
system/framework.php

Code:

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
you could change that to:

Code:

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=strict', ini_get('session.cookie_domain'),true,true);
But as far as I know, if you set your cookies secure, samesite is not an issue.

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Wed Aug 19, 2020 6:54 pm
by ADD Creative
A bit of a warning about setting SameSite=Strict. This will stop some payment modules from working. Even the new default of SameSite=Lax breaks a few.
HAO wrote:
Wed Aug 19, 2020 11:05 am
I have an OpenCart 3.0.2.0 store. I know that Chrome 80 SameSite issues need to be fixed. I also saw this post:
https://github.com/opencart/opencart/issues/7946

But I still don’t understand how my version can solve this problem. Can someone tell me how to modify the file?

Thank you!
Rizki saputra wrote:
Wed Aug 19, 2020 3:35 pm
I have the same problem, I want to know the right answer :P
What is the exact problem you have and what PHP version are you using?

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Wed Aug 19, 2020 7:54 pm
by letxobnav
yes, I'm not sure what the requirements are but as far as I can tell, if you set secure, you can also just use samesite none or blank.
personally I would just set them secure and leave the rest as is for now.

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Thu Aug 20, 2020 12:47 am
by ADD Creative
If you need the old cookie behaviour with no restrictions, you need to explicitly set the SameSite attribute to None as well as setting the Secure attribute. A blank or missing SameSite attribute will default to SameSite=Lax in new browsers that follow the new rules.

This should only be necessary for payment gateways (or other third-party services) that POST back to the store and expect the session to be active.

letxobnav wrote:
Wed Aug 19, 2020 3:47 pm
session cookies are set in catalog/controller/startup/session.php and system/framework.php
why twice? god only knows.
I believe the duplicate setting of the cookie was fixed in 3.0.3.2.
https://github.com/opencart/opencart/co ... a80d2828b1

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Sat Aug 22, 2020 9:59 pm
by ADD Creative
For OpenCart 3 with the need for the old cookie behaviour.
viewtopic.php?f=202&t=219633#p797082

Re: How to fix Google Chrome SameSite of OpenCart 3.0.2.0?

Posted: Fri Dec 11, 2020 4:15 pm
by HAO
Ok!
I have a new situation: I am installing an OpenCart 3.0.3.2 system. How can I solve this problem based on this version?

Re: How to fix Google Chrome SameSite of OpenCart 3.0.3.2?

Posted: Fri Dec 11, 2020 8:32 pm
by ADD Creative
What version of PHP?

Re: How to fix Google Chrome SameSite of OpenCart 3.0.3.2?

Posted: Fri Dec 11, 2020 9:50 pm
by HAO
PHP 7.3, because Journal 3 does not support PHP 7.4. I remember the discussion half a year ago; Daniel seemed to have some solutions in mind. What should I do?

Re: How to fix Google Chrome SameSite of OpenCart 3.0.3.2?

Posted: Fri Dec 11, 2020 9:58 pm
by ADD Creative
HAO wrote:
Fri Dec 11, 2020 9:50 pm
PHP 7.3, because Journal 3 does not support PHP 7.4. I remember the discussion half a year ago; Daniel seemed to have some solutions in mind. What should I do?
Try the changes in this post.
viewtopic.php?f=202&t=219633#p797082

Re: How to fix Google Chrome SameSite of OpenCart 3.0.3.2?

Posted: Tue Dec 15, 2020 12:11 pm
by webdesires
We have released a plugin that handles all this for you - Secure Cookies & Sessions (with Strict, Lax, None samesite)

Re: How to fix Google Chrome SameSite of OpenCart 3.0.3.2?

Posted: Tue Dec 22, 2020 12:19 am
by jvandemerwe
I have solved this with a VQMod modification. I am using OpenCart 3.0.2.6 and PHP 7.3.

Code:

<?xml version="1.0" ?>

<modification>
    <id>Framework and catalog session samesite cookie</id>
    <vqmver>2.5.0</vqmver>
    <version>1.0</version>
    <author>J.J. van de Merwe</author>

    <file name="system/framework.php" error="log">
        <operation>
            <search position="replace">
                <![CDATA[
    setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
                ]]>
            </search>
            <add action="after">
                <![CDATA[
    // ### Modified code: your-filename.xml ###             
    setcookie(
        $config->get('session_name'),
        $session->getId(),
        [
            'expires'  => ini_get('session.cookie_lifetime'),
            'path'     => ini_get('session.cookie_path'),
            'domain'   => ini_get('session.cookie_domain'),
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'None'
        ]
    );
    // ### (End) Modified code ###
                ]]>
            </add>
        </operation>
    </file>

    <file name="catalog/controller/startup/session.php" error="log">
        <operation>
            <search position="replace">
                <![CDATA[
            setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
                ]]>
            </search>
            <add action="after">
                <![CDATA[
            // ### Modified code: your-filename.xml ###   
            setcookie(
                $this->config->get('session_name'),
                $this->session->getId(),
                [
                    'expires'  => ini_get('session.cookie_lifetime'),
                    'path'     => ini_get('session.cookie_path'),
                    'domain'   => ini_get('session.cookie_domain'),
                    'secure'   => true,
                    'httponly' => true,
                    'samesite' => 'None'
                ]
            );
                ]]>
            </add>
        </operation>
    </file>
</modification>
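
Added example, not part of any post in this thread: a small Python check that classifies a store's Set-Cookie header under the SameSite rules discussed above (missing or blank SameSite is treated as Lax, and SameSite=None is only accepted together with Secure). The sample headers and the cookie name OCSESSID are constructed to mirror the variants posted in the thread; the check ignores Chrome's temporary two-minute exception for freshly set cookies on top-level POSTs.

```python
# Constructed sample Set-Cookie values mirroring the variants in the thread.
SAMPLES = {
    "stock":       "OCSESSID=abc123; path=/",
    "secure_only": "OCSESSID=abc123; path=/; secure; HttpOnly",
    "path_hack":   "OCSESSID=abc123; path=/; SameSite=strict; secure; HttpOnly",
    "none_secure": "OCSESSID=abc123; path=/; secure; HttpOnly; SameSite=None",
    "none_plain":  "OCSESSID=abc123; path=/; SameSite=None",
}


def parse_attrs(header):
    """Return the cookie attributes as a dict with lower-cased names."""
    attrs = {}
    for part in header.split(";")[1:]:      # skip the leading name=value pair
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return attrs


def classify(header):
    """Return (effective_policy, sent_on_cross_site_post) for one header value."""
    attrs = parse_attrs(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        # None without Secure is refused by browsers following the new rules.
        if "secure" not in attrs:
            return ("rejected", False)
        return ("none", True)
    if samesite == "strict":
        return ("strict", False)
    # Explicit Lax, blank, missing or unrecognised values all behave as Lax,
    # so a payment gateway's POST back to the store arrives without the session.
    return ("lax", False)


def audit(samples):
    """Classify every labelled header; returns {label: (policy, sent_on_post)}."""
    return {label: classify(header) for label, header in samples.items()}


if __name__ == "__main__":
    for label, (policy, posted) in audit(SAMPLES).items():
        print(f"{label:12} policy={policy:9} sent on cross-site POST={posted}")
```

To audit a live store, paste the Set-Cookie value from the browser's network panel or `curl -I` output into `classify()`.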