https://github.com/opencart/opencart/issues/7946
But I still don’t understand how my version can solve this problem. Can someone tell me how to modify the file?
Thank you!
It does not solve anything stated in the topic.
Session cookies are set in catalog/controller/startup/session.php and system/framework.php.
Why twice? God only knows.
catalog/controller/startup/session.php
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=strict', ini_get('session.cookie_domain'),true,true);
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=strict', ini_get('session.cookie_domain'),true,true);
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
HAO wrote: ↑Wed Aug 19, 2020 11:05 am
I have an OpenCart 3.0.2.0 store, I know that Chrome 80 SameSite issues need to be fixed, I also saw this post:
https://github.com/opencart/opencart/issues/7946
But I still don’t understand how my version can solve this problem. Can someone tell me how to modify the file?
Thank you!
What is the exact problem you have and what PHP version are you using?
Rizki saputra wrote: ↑Wed Aug 19, 2020 3:35 pm
I have the same problem, I want to know the right answer
Personally I would just set them secure and leave the rest as is for now.
This should only be necessary for payment gateways (or other third-party services) that POST back to the store and expect the session to be active.
I believe the duplicate setting of the cookie was fixed in 3.0.3.2.
https://github.com/opencart/opencart/co ... a80d2828b1
viewtopic.php?f=202&t=219633#p797082
Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.
Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins
Code: Select all
<?xml version="1.0" ?>
<modification>
    <!-- The replacement code uses the options-array form of setcookie(), which requires PHP 7.3 or later. -->
    <id>Framework and catalog session samesite cookie</id>
    <vqmver>2.5.0</vqmver>
    <version>1.0</version>
    <author>J.J. van de Merwe</author>
    <file name="system/framework.php" error="log">
        <operation>
            <search position="replace">
                <![CDATA[
                setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
                ]]>
            </search>
            <add action="after">
                <![CDATA[
                // ### Modified code: your-filename.xml ###
                setcookie(
                    $config->get('session_name'),
                    $session->getId(),
                    [
                        'expires' => ini_get('session.cookie_lifetime'),
                        'path' => ini_get('session.cookie_path'),
                        'domain' => ini_get('session.cookie_domain'),
                        'secure' => true,
                        'httponly' => true,
                        'samesite' => 'None'
                    ]
                );
                // ### (End) Modified code ###
                ]]>
            </add>
        </operation>
    </file>
    <file name="catalog/controller/startup/session.php" error="log">
        <operation>
            <search position="replace">
                <![CDATA[
                setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
                ]]>
            </search>
            <add action="after">
                <![CDATA[
                // ### Modified code: your-filename.xml ###
                setcookie(
                    $this->config->get('session_name'),
                    $this->session->getId(),
                    [
                        'expires' => ini_get('session.cookie_lifetime'),
                        'path' => ini_get('session.cookie_path'),
                        'domain' => ini_get('session.cookie_domain'),
                        'secure' => true,
                        'httponly' => true,
                        'samesite' => 'None'
                    ]
                );
                ]]>
            </add>
        </operation>
    </file>
</modification>
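An added example, not part of any post in this thread and not OpenCart's own code: one helper that sets the session cookie with a SameSite attribute on PHP 7.3+ (options array) and on older PHP (the path-suffix workaround from the earlier post), and that never emits SameSite=None without Secure. The function names and the demo values at the bottom are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not OpenCart code.

// $samesite is 'Lax', 'Strict' or 'None'. Use 'None' only when a payment
// gateway must POST back cross-site with the session still active.
function session_cookie_options($samesite, $https)
{
    $samesite = ucfirst(strtolower($samesite));
    if (!in_array($samesite, ['Lax', 'Strict', 'None'], true)) {
        throw new InvalidArgumentException('Unknown SameSite value: ' . $samesite);
    }
    // Chrome 80+ rejects SameSite=None cookies that are not Secure,
    // so fall back to Lax on plain HTTP instead of losing the session.
    if ($samesite === 'None' && !$https) {
        $samesite = 'Lax';
    }
    $lifetime = (int)ini_get('session.cookie_lifetime');
    return [
        // setcookie() wants an absolute timestamp; 0 means "until browser closes".
        'expires'  => $lifetime > 0 ? time() + $lifetime : 0,
        'path'     => ini_get('session.cookie_path') ?: '/',
        'domain'   => (string)ini_get('session.cookie_domain'),
        'secure'   => (bool)$https,
        'httponly' => true,
        'samesite' => $samesite,
    ];
}

function send_session_cookie($name, $id, $samesite, $https)
{
    $o = session_cookie_options($samesite, $https);
    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $id, $o);   // options array with 'samesite'
    }
    // Before PHP 7.3 setcookie() has no samesite argument; the attribute
    // is appended to the path, as in the earlier post.
    return setcookie($name, $id, $o['expires'],
        $o['path'] . '; SameSite=' . $o['samesite'],
        $o['domain'], $o['secure'], $o['httponly']);
}

// Constructed demo values; in the store the name and id come from
// $config->get('session_name') and $session->getId().
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
send_session_cookie('OCSESSID', 'constructed-session-id', 'None', $https);
```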