Post by HAO » Mon Mar 16, 2020 2:35 pm

Recently my payment gateway module failed to complete the checkout correctly, After contacting the payment gateway module company, it may be related to the support of iOS12 devices.

A technician from the payment gateway company told me that I had to modify the relevant code, But I don't know how to start? Can anyone help me? Thank you very much!

References:
Chrome 80 default SameSite=Lax
https://medium.com/@azure820529/chrome- ... ba0bc785a3
https://www.chromestatus.com/feature/5088147346030592
https://www.opencart.com/forum/viewtopi ... 20&t=87607
https://www.ithome.com.tw/news/133796

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by HAO » Mon Mar 23, 2020 8:11 pm

Can anyone tell me how to solve this?

Because it's very troublesome for me, I need to fix this!

Please help me, thanks!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Mon Mar 23, 2020 8:33 pm

You need to provide more information as to what the problem is. Which cookie needs to accessed from a third-party domain? It's probably related to you payment gateway.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Mar 23, 2020 8:49 pm

Thanks for your reply!

I think this is the information I can provide, Dear Sir, Can you test for me?

https://github.com/GoogleChromeLabs/sam ... -601984395

My Payment Gateway Module:
https://www.ecpay.com.tw/Service/Appcntr_Shpcar

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Mon Mar 23, 2020 10:19 pm

Have you cleared all your browser cookies or tested in incognito mode?

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Mar 23, 2020 10:27 pm

I did not find the problem in Firefox, In fact, I use Google Chrome without any problems.

However, there are still a few customers who report such problems with us, I don't know why this happens.

But according to my payment gateway company told me, This is related to issues and SameSite, And can't help me...

Can you perform related tests for me?

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Mar 24, 2020 1:27 am

As far as I can tell it worked OK. The only third-party cookie I could see was one for google. This was correctly set with SameSite = None and Secure. There we no messages in the console about blocked third-party cookies.

Try getting your customers to clear their cookies. It could be that they have the cookies without the SameSite attribute and it's not getting updated.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Mar 24, 2020 12:29 pm

So you mean, I don’t need to make any changes to OpenCart and my payment gateway module, I just need to notify the customer, and asking him to clear his browser's cookies can solve this problem?

Do you mean that?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Mar 24, 2020 6:53 pm

Yes.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Fri Apr 03, 2020 11:27 am

I have been informed and tested by other friends, I confirm that my payment module does not support SameSite correctly.

My test step:
Enter in the URL column of Chrome: chrome://flags/ and search "SameSite"

Enable the following experiments:
SameSite by default cookies
Cookies without SameSite must be secure

After that, use my payment gateway module and select the payment method of "Shop Pickup Payment"

He found during testing, When he chose this payment method to complete the checkout process, Shopping Cart items will be emptied.

My friend told me this is a problem with the payment gateway module, But I don't know how to fix it.

Can you confirm my new link for me?
https://github.com/GoogleChromeLabs/sam ... -608208347

-----------------

I referenced some articles
https://github.com/GoogleChromeLabs/sam ... ter/php.md
https://stackoverflow.com/questions/581 ... nhHqatooYI

A friend in Taiwan said that I wanted to put these codes in a cookie-related file:

Code: Select all

2.3.0.2-compiled/upload/catalog/controller/extension/module/amazon_login.php(10): setcookie('amazon_Login_state_cache', '', time() - 4815162342);
2.3.0.2-compiled/upload/catalog/controller/extension/module/amazon_login.php(195): setcookie('amazon_Login_state_cache', '', time() - 4815162342);
2.3.0.2-compiled/upload/catalog/controller/extension/module/amazon_pay.php(10): setcookie('amazon_Login_state_cache', '', time() - 4815162342);
2.3.0.2-compiled/upload/catalog/controller/extension/module/amazon_pay.php(217): setcookie('amazon_Login_state_cache', '', time() - 4815162342);
2.3.0.2-compiled/upload/catalog/controller/startup/startup.php(96): setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
2.3.0.2-compiled/upload/catalog/controller/startup/startup.php(124): setcookie('tracking', $this->request->get['tracking'], time() + 3600 * 24 * 1000, '/');
2.3.0.2-compiled/upload/catalog/controller/startup/startup.php(156): setcookie('currency', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
2.3.0.2-compiled/upload/system/library/session.php(50): setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
2.3.0.2-compiled/upload/system/library/session.php(77): setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
In simple terms, he asked me to add the following code to these files:

setcookie('key', 'value', time()+(7*24*3600), "/; SameSite=None; Secure");

Specifically what should i do?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Fri Apr 03, 2020 7:52 pm

See https://github.com/GoogleChromeLabs/sam ... ter/php.md for how to add same site to PHP setcookie. It's easiest it you are using PHP 7.3+.

However, apart from maybe the language and currency, I can't think why your payment gateway module would need access to those cookies you listed. The problem more likely lies with the payment gateway module, which you will neet to get the author to fix.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Fri Apr 03, 2020 7:58 pm

My cPanel can switch to php 7.3, So this is no problem.

But the important thing is, Assuming my environment is already php 7.3, How can I apply the modifications to the OpenCart 2.3.0.2 file according to that article?

Anyway, My payment gateway module company is unwilling to help me, I have to solve this problem by myself, But I don't have the ability to program.

So I need a clear modification step, Can you help me?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by webit » Sun Apr 05, 2020 8:09 pm

The problem is that Opencart should set a session cookie using a new attribute for samesite / secure (example samesite=None, Secure=true), otherwise Chrome will abort the cookie. In case a payment system is used that uses redirection and in case the customer takes over 2 minutes to finalize the payment, the customer session is lost when the customer returns to the store. The needed cookie attributes are only supported from PHP 7.3 (with the set_cookie function), in other cases the payment gateway providers should make a quickfix to prevent this problem, or an override should be made for OpenCart (although OpenCart should come up with a solution according to me). Chrome is implementing this gradually, so you might not experience this problem at the moment. You can test by setting the samesite cookie configuration in your Chrome browser like explained at https://www.ghacks.net/2020/02/05/chrom ... -upgrades/

Newbie

Posts

Joined
Thu Jan 05, 2012 7:02 pm

Post by HAO » Sun Apr 05, 2020 8:25 pm

So you mean, my payment gateway module company must solve this problem for me, right?

Anyway, I have installed php 7.3 now, I need to be able to solve this problem with the modification steps I can understand.

Open file, Search, Replace (Or Add code above or below)

Can anyone tell me what to do?

Because my payment gateway is really hard to do for me, If it is the part that OpnCart can handle, I hope to get your help.

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Sun Apr 05, 2020 9:17 pm

You need to change all the setcookies calls to the 2nd format by putting options in an array.
https://www.php.net/manual/en/function.setcookie.php

So

Code: Select all

setcookie('currency', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Becomes

Code: Select all

setcookie('currency', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
I wouldn't bother doing the Amazon cookies unless you are using the Amazon login or pay. I'd be weary of doing the session cookies, unless you have to, as one of the reasons for changing the default of SameSite was to protect cookies such as the session cookie.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Apr 06, 2020 2:12 am

Thank you for your reply!

Because someone told me that I only need to search and change the code for the following keywords:

Code: Select all

setcookie('
So you mean I just need to modify these two codes?

Code: Select all

			setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
and

Code: Select all

			setcookie('currency', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Because I don't need to use Amazon, I should not need to modify this file, But how do I modify other files?

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Apr 07, 2020 1:20 am

Yes, change those two lines with setcookie first and the tracking one. If that doesn't help you have to look at changing the setcookie lines in system/library/session.php as well.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Apr 07, 2020 1:28 am

I have modified the file, But the error warning still exists.

What should I do next?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Apr 07, 2020 6:18 pm

What files have you changed so far? What warnings are you still getting? What cookies and flags do you see in your web browser's development tool?

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Apr 07, 2020 6:37 pm

Thank you very much for the help of ADD Creative, I seem to have solved this problem!

Thank you!

Open file:
upload/catalog/controller/startup/startup.php

Found

Code: Select all

setcookie('currency', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace

Code: Select all

setcookie('currency', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
Found

Code: Select all

setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace

Code: Select all

setcookie('language', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
Open file:
upload/system/library/session.php

Found

Code: Select all

			setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
Replace

Code: Select all

			setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);
Found

Code: Select all

		setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Replace

Code: Select all

		setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true]);
Last edited by HAO on Wed Apr 08, 2020 2:14 pm, edited 2 times in total.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm
Who is online

Users browsing this forum: No registered users and 30 guests