Post by ADD Creative » Tue Apr 07, 2020 10:18 pm

Your two changes to upload/system/library/session.php are wrong. They should be something like below. I've not tested so please check.

Code: Select all

setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);

Code: Select all

setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true]);
Once the changes are made, if you still get the warnings you need to check your cookies. See https://developers.google.com/web/tools ... ge/cookies on how to do that.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Wed Apr 08, 2020 2:18 pm

Thank you for your help!

I turned on the experimental function and tested the checkout process, no problems were found.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by HAO » Sun Apr 12, 2020 10:23 pm

I have a friend who reports to me, There seems to be a problem with the environment of his iPhone, Can anyone help with the test?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by redmail » Thu Apr 16, 2020 8:25 pm

Were you able to solve the samesite cookie for opencart?
Its going to affect all ecommerce websites so its important to sort this out asap.

Further reading from a Taiwan developer on how to implement this in opencart:

viewtopic.php?f=64&t=217040&p=782859&hi ... te#p782859

https://translate.googleusercontent.com ... f_9fM6LpfA

https://translate.googleusercontent.com ... pL6EIiSxQg

Newbie

Posts

Joined
Thu Jan 16, 2020 10:10 pm

Post by HAO » Fri Apr 17, 2020 3:57 pm

I think we need to solve this problem, Does anyone have other solutions?

We need your help, Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by HAO » Tue May 26, 2020 3:21 pm

The same problem happened again today, Does anyone have other effective solutions?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by OSWorX » Wed Jun 17, 2020 2:47 pm

Just a remark on the "solution": if used, you need at least php 7.3
That will NOT work if php is less!
See an ongoing discussion here: https://github.com/opencart/opencart/issues/7946

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by HAO » Thu Aug 13, 2020 1:15 pm

OSWorX wrote:
Wed Jun 17, 2020 2:47 pm
Just a remark on the "solution": if used, you need at least php 7.3
That will NOT work if php is less!
See an ongoing discussion here: https://github.com/opencart/opencart/issues/7946
Okay, the situation is as follows:
My current environment is: PHP Version 7.3.21

What should I do to solve this problem?

Can you tell me how to solve this problem with steps and steps?

Which files to modify, and which code content to modify?

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Thu Aug 13, 2020 5:50 pm

What is you website URL?

Have you set the following in your php,ini or user.ini?
session.cookie_secure=On
session.cookie_samesite="None"

Have you modified the two lines below and if so what to?
https://github.com/opencart/opencart/bl ... on.php#L50
https://github.com/opencart/opencart/bl ... on.php#L77

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Thu Aug 13, 2020 8:06 pm

This is the URL of my store:
https://www.tylee.tw

We are using VPS hosting, so I think we should be able to modify the php.ini file directly.

You mean my environment, only need to modify the two steps you mentioned, can I solve the problem?

Do you mean this?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Thu Aug 13, 2020 9:11 pm

Yes add them to the php.ini or user.ini.

Then change the two lines in session.php to something like. viewtopic.php?p=795991#p782590

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Fri Aug 14, 2020 12:34 am

Thanks for your reply!

My my hosting provider has helped me modify the php.ini file and restarted Apache, I am also following your instructions to modify the following files:
Open

Code: Select all

catalog/controller/startup/startup.php
Find

Code: Select all

			setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace

Code: Select all

			setcookie('language', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
Find

Code: Select all

			setcookie('currency', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace

Code: Select all

			setcookie('currency', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
Open
system/library/session.php

Find

Code: Select all

			setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
Replace

Code: Select all

			setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);
Find

Code: Select all

		setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Replace

Code: Select all

		setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true]);
But the same problem still exists, When I redirected to the page of the payment module website, When the operation is completed and I return to my store page, my account login status will be logged out.

What is the problem?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Fri Aug 14, 2020 1:32 am

Your currency, language and OpenCart default cookies are all now correct.

You PHPSESSID is not. You may need to contact you host again about the PHP session cookie settings.

Or in session.php add:

Code: Select all

ini_set('session.cookie_secure', 'On');
ini_set('session.cookie_samesite', 'None');
Just after.

Code: Select all

ini_set('session.cookie_httponly', 'On');

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Fri Aug 14, 2020 1:49 am

I seem to have solved this problem, But because I cleared Google Chrome’s cookies before testing, I’m not sure if the same will happen next.

Anyway, Thank you for your help!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by HAO » Sat Aug 22, 2020 8:08 pm

The same problem still exists, How can i solve this problem?

This is a debug message from Google Chrome:

Code: Select all

A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.

Code: Select all

A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Sat Aug 22, 2020 9:11 pm

What cookies is your site setting and with what flags? In Chrome developer tools go to Application -> Storage -> Cookies -> Your domain. If you post them here hide the values.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Sat Aug 22, 2020 9:48 pm

I have sent a private message to you.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Sat Aug 22, 2020 10:36 pm

I can see that your PHPSESSID, default, currency and language cookies all correctly have SameSite=None and Strict.

You have a lot of other cookies. These are not ones set by the OpenCart core. These will set by extensions or your payment gateway.

Test your browser here. https://samesite-sandbox.glitch.me/

If the results are all green then your browser is using the new behaviour.

If not you can switch the current version of Chrome into the cookie mode.
Switch both "SameSite by default cookies" and "Cookies without SameSite must be secure" to Enabled.
chrome://flags/#same-site-by-default-cookies
chrome://flags/#cookies-without-same-site-must-be-secure

Once done test you browser again with the above test link.

Once you know your browser is in the new mode test your payment module again. If it works then cookies are not the problem.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Sat Aug 22, 2020 11:22 pm

This is the case of my computer, Is this problem related to the settings of the client?

Can you help me test the checkout process?

Test product link:
https://www.tylee.tw/index.php?route=pr ... t_id=10008

Test account: test@tylee.tw
Password: xXAH7spZ4nZVzcD

Thank you!

Attachments

2020-08-22_230703.png

2020-08-22_230703.png (35.02 KiB) Viewed 982 times


HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Sun Aug 23, 2020 12:13 am

Your browser is using the new behavior and your site is setting the cookies correctly. Now test your checkout, if it works for you and not your customers, the issue is likely to be something else and not cookie related.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
Who is online

Users browsing this forum: No registered users and 27 guests