I have 4 computers. I also use my mobile device (Samsung Galaxy A70) to test checkout.
No problems occurred in all processes. Do you think it is caused by other cookie files that I use?
For example, using Facebook or Google cookie files?
I would doubt it. They will only be used by Facebook or Google, I can't see that your payment extension would use them. You could always try disabling them.
A few issues with your solution.
In system/library/session.php your session_set_cookie_params has the domain hardcoded. You should not set the domain at all or at the very least use ini_get('session.cookie_domain').
config/phpmailer/get_oauth_token.php is not part of OpenCart.
You are setting httponly of the language, tracking and currency cookies for PHP 7.3+ where this was not set before. Just be aware there could be rare cases where an extension or theme accesses them via JavaScript.
You might also want to mention most sites won't be affected, only sites where a payment gateway returns with a POST. Making the changes necessarily would lose the security benefits.
Also the changes will be completely different for OpenCart 3.x and 1.
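The review points above, sketched as an added example (not part of the original posts and not OpenCart's own code): the cookie domain is read from php.ini instead of being hardcoded, SameSite=None is always paired with Secure, and HttpOnly is chosen per cookie. The helper names cookie_options() and send_cookie() and the sample cookie values are assumptions made for illustration.

```php
<?php
// Added example, not OpenCart code: cookie_options() and send_cookie() are hypothetical helpers.

// Options for a cookie that must survive a cross-site POST back to the shop.
function cookie_options(int $expires, bool $httponly): array
{
    $options = [
        'expires'  => $expires,                           // Unix timestamp, 0 = session cookie
        'path'     => ini_get('session.cookie_path') ?: '/',
        'secure'   => true,                               // browsers reject SameSite=None without Secure
        'httponly' => $httponly,
        'samesite' => 'None',
    ];
    // Take the domain from php.ini rather than hardcoding it; leave it out when
    // unset so the cookie stays host-only.
    $domain = (string) ini_get('session.cookie_domain');
    if ($domain !== '') {
        $options['domain'] = $domain;
    }
    return $options;
}

function send_cookie(string $name, string $value, array $options): bool
{
    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $value, $options);        // options array exists from PHP 7.3
    }
    // Older PHP has no samesite parameter; appending the attribute to the
    // path argument is the common workaround.
    return setcookie(
        $name, $value, $options['expires'],
        $options['path'] . '; samesite=' . $options['samesite'],
        $options['domain'] ?? '', $options['secure'], $options['httponly']
    );
}

// Session cookie: HttpOnly follows php.ini, as in the setcookie() calls in this thread.
$httponly = filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN);
send_cookie('OCSESSID', bin2hex(random_bytes(16)), cookie_options(0, $httponly)); // constructed id

// Language and currency cookies: HttpOnly is left off, matching the previous
// behaviour, because an extension or theme may read them from JavaScript.
// The values below are constructed samples.
$month = time() + 60 * 60 * 24 * 30;
send_cookie('language', 'en-gb', cookie_options($month, false));
send_cookie('currency', 'USD', cookie_options($month, false));
```

Run it before any output is sent, and confirm the attributes in the response's Set-Cookie headers rather than in a browser view that may still show cached cookies.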
HAO wrote: ↑Fri Aug 14, 2020 12:34 am
Open system/library/session.php
Find
setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
Replace
setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);
Find
setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Replace
setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true]);

I could not find this code in system/library/session.php for Opencart 3.0.2 Default theme.... Is there another file it should be placed in?
Get a secure, fast, and reliable web hosting service from https://turnuphosting.com.
ADD Creative wrote: ↑Tue Jan 12, 2021 8:37 pm
For OpenCart 3.0.x and PHP 7.3 try.
viewtopic.php?f=202&t=219633#p797082

Thank you @ADD Creative, I tried that but only the OCSESSID cookie shows secure; both language and currency cookies show Same-site connections only.
Attachments: currency.png, language.png, OCSESSID.png
Did you try the changes in linked post at the bottom? viewtopic.php?f=190&t=216579&start=20#p796020 Just ignore the session setcookie $key cookie changes and do the language and currency ones.
Yes @ADD Creative, thank you... it looks like it was cached in the browser lol...
Everything is showing secure now.