Post by juanca2020 » Fri Aug 21, 2020 6:34 am

Hello, does anyone know how to solve the problem generated by the OCSESSID cookie when entering third party sites and returning is rejected, for not having the attribute "sameSite" = None?
Or on the contrary, does someone know how to give that attribute to all cookies on the site?
OPENCART: 3.0.3.2
PHP: > 7.3
Thank you. ???
Last edited by juanca2020 on Sun Aug 23, 2020 5:03 pm, edited 1 time in total.


Post by juanca2020 » Sat Aug 22, 2020 9:50 am

Someone? I can give a donation via PayPal, if the help is real. The truth is that I am a bit desperate, there is no information that solves that problem (generated by Chrome 80), with other cookies, such as language and currency, but nothing from the session.
Thank you.


Post by letxobnav » Sat Aug 22, 2020 1:09 pm

system/framework.php

Code:

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);

catalog/controller/startup/session.php

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);

We use strict for the session but we do not have session cookie dependency for gateways.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.



Post by juanca2020 » Sat Aug 22, 2020 5:19 pm

it does not work, neither with the value "none" or "strict".
The only change that can be seen is that the products are not added to the cart.
thanks anyway


Post by letxobnav » Sat Aug 22, 2020 9:32 pm

well, "it does not work" does not fly as that is exactly how our site runs.
Show the cookie listing in your developer tools.

as in:

Attachment: Capture.JPG (56.23 KiB)

Last edited by letxobnav on Sat Aug 22, 2020 10:07 pm, edited 2 times in total.


Post by ADD Creative » Sat Aug 22, 2020 9:48 pm

For PHP 7.3, try.

In catalog/controller/startup/session.php change.

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

To.

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);

In system/framework.php change.

Code:

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

To.

Code:

setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);

For the language and currency cookies, they should be the same as in this post.
viewtopic.php?f=190&t=216579&start=20#p796020

www.add-creative.co.uk
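
A version-aware form of the change in the post above, as an added example that is not part of the thread or of OpenCart: it passes the options array to setcookie() on PHP 7.3 and later and writes the Set-Cookie header itself on older PHP. The helper names build_set_cookie_header() and send_samesite_cookie() and the $https parameter are assumptions made for illustration.

```php
<?php
// Added example, not OpenCart code; both function names are hypothetical.

// Build a raw Set-Cookie line for PHP < 7.3, where setcookie() has no
// 'samesite' option.
function build_set_cookie_header(string $name, string $value, array $o): string
{
    $parts = [$name . '=' . rawurlencode($value)];
    if ($o['expires'] > 0) {
        $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s', $o['expires']) . ' GMT';
    }
    if ($o['path'] !== '')   { $parts[] = 'Path=' . $o['path']; }
    if ($o['domain'] !== '') { $parts[] = 'Domain=' . $o['domain']; }
    if ($o['secure'])        { $parts[] = 'Secure'; }
    if ($o['httponly'])      { $parts[] = 'HttpOnly'; }
    $parts[] = 'SameSite=' . $o['samesite'];
    return 'Set-Cookie: ' . implode('; ', $parts);
}

// $https: whether the current request arrived over HTTPS (the caller decides,
// e.g. from $_SERVER['HTTPS'] or a trusted proxy header).
function send_samesite_cookie(string $name, string $value, bool $https): bool
{
    $lifetime = (int)ini_get('session.cookie_lifetime');
    $o = [
        // cookie_lifetime is a duration in seconds; 'expires' is a Unix
        // timestamp, with 0 meaning "until the browser closes".
        'expires'  => $lifetime > 0 ? time() + $lifetime : 0,
        'path'     => (string)ini_get('session.cookie_path'),
        'domain'   => (string)ini_get('session.cookie_domain'),
        // SameSite=None is only accepted together with Secure, and a Secure
        // cookie is only stored over HTTPS, so plain HTTP falls back to Lax.
        'secure'   => $https,
        'httponly' => true,
        'samesite' => $https ? 'None' : 'Lax',
    ];
    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $value, $o);   // options array, PHP 7.3+
    }
    if (headers_sent()) {
        return false;                          // too late to add a header
    }
    header(build_set_cookie_header($name, $value, $o), false); // false: append
    return true;
}

// In catalog/controller/startup/session.php this would replace the setcookie() call:
// send_samesite_cookie($this->config->get('session_name'), $this->session->getId(), $https);
```

After deploying, the cookie listing in the browser's developer tools should show the session cookie with SameSite set to None and the Secure and HttpOnly flags checked.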



Post by juanca2020 » Sun Aug 23, 2020 6:55 am

letxobnav wrote:
Sat Aug 22, 2020 9:32 pm
well, "it does not work" does not fly as that is exactly how our site runs.
Show the cookie listing in your developer tools.

as in:
Image


Post by letxobnav » Sun Aug 23, 2020 11:41 am

you refreshed modifications right? or you just edited the core?


Post by juanca2020 » Sun Aug 23, 2020 12:06 pm

letxobnav wrote:
Sun Aug 23, 2020 11:41 am
you refreshed modifications right? or you just edited the core?

Yes.
I removed the template cache, SASS. [ok]
clear and refresh in modifications [ok]
clear cache addon chrome [ok]
and private mode [ok]

???


Post by letxobnav » Sun Aug 23, 2020 1:21 pm

You have a cache addon in chrome?
No need to recompile sass unless you changed scss files if you have any, that is all that does.
You did delete your cookies right?

well, anyway, post what code you have in:
catalog/controller/startup/session.php
and
system/framework.php


Post by juanca2020 » Sun Aug 23, 2020 3:58 pm

I deleted everything, even what is not necessary.
the only add-on I have for the cache in chrome is "Clear cache" that allows you to delete your choice (quickly):
App Cache
Cache
cookies
Downloads
etc.

catalog/controller/startup/session.php

Code:

<?php
class ControllerStartupSession extends Controller {
	public function index() {
		if (isset($this->request->get['api_token']) && isset($this->request->get['route']) && substr($this->request->get['route'], 0, 4) == 'api/') {
			$this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
					
			// Make sure the IP is allowed
			$api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'");
		 
			if ($api_query->num_rows) {
				$this->session->start($this->request->get['api_token']);
				
				// keep the session alive
				$this->db->query("UPDATE `" . DB_PREFIX . "api_session` SET `date_modified` = NOW() WHERE `api_session_id` = '" . (int)$api_query->row['api_session_id'] . "'");
			}
		} else {
			if (isset($_COOKIE[$this->config->get('session_name')])) {
				$session_id = $_COOKIE[$this->config->get('session_name')];
			} else {
				$session_id = '';
			}
			
			$this->session->start($session_id);
			
			// setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
			
			setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
			
		}
	}
}

system/framework.php

Code:

<?php
// Registry
$registry = new Registry();

// Config
$config = new Config();
$config->load('default');
$config->load($application_config);
$registry->set('config', $config);

// Log
$log = new Log($config->get('error_filename'));
$registry->set('log', $log);

date_default_timezone_set($config->get('date_timezone'));

set_error_handler(function($code, $message, $file, $line) use($log, $config) {
	// error suppressed with @
	if (error_reporting() === 0) {
		return false;
	}

	switch ($code) {
		case E_NOTICE:
		case E_USER_NOTICE:
			$error = 'Notice';
			break;
		case E_WARNING:
		case E_USER_WARNING:
			$error = 'Warning';
			break;
		case E_ERROR:
		case E_USER_ERROR:
			$error = 'Fatal Error';
			break;
		default:
			$error = 'Unknown';
			break;
	}

	if ($config->get('error_display')) {
		echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>';
	}

	if ($config->get('error_log')) {
		$log->write('PHP ' . $error . ':  ' . $message . ' in ' . $file . ' on line ' . $line);
	}

	return true;
});

// Event
$event = new Event($registry);
$registry->set('event', $event);

// Event Register
if ($config->has('action_event')) {
	foreach ($config->get('action_event') as $key => $value) {
		foreach ($value as $priority => $action) {
			$event->register($key, new Action($action), $priority);
		}
	}
}

// Loader
$loader = new Loader($registry);
$registry->set('load', $loader);

// Request
$registry->set('request', new Request());

// Response
$response = new Response();
$response->addHeader('Content-Type: text/html; charset=utf-8');
$response->setCompression($config->get('config_compression'));
$registry->set('response', $response);

// Database
if ($config->get('db_autostart')) {
	$registry->set('db', new DB($config->get('db_engine'), $config->get('db_hostname'), $config->get('db_username'), $config->get('db_password'), $config->get('db_database'), $config->get('db_port')));
}

// Session
$session = new Session($config->get('session_engine'), $registry);
$registry->set('session', $session);

if ($config->get('session_autostart')) {
	/*
	We are adding the session cookie outside of the session class as I believe
	PHP messed up in a big way handling sessions. Why in the hell is it so hard to
	have more than one concurrent session using cookies!

	Is it not better to have multiple cookies when accessing parts of the system
	that requires different cookie sessions for security reasons.

	Also cookies can be accessed via the URL parameters. So why force only one cookie
	for all sessions!
	*/

	if (isset($_COOKIE[$config->get('session_name')])) {
		$session_id = $_COOKIE[$config->get('session_name')];
	} else {
		$session_id = '';
	}

	$session->start($session_id);

	// setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
	
	setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
}

// Cache
$registry->set('cache', new Cache($config->get('cache_engine'), $config->get('cache_expire')));

// Url
if ($config->get('url_autostart')) {
	$registry->set('url', new Url($config->get('site_url'), $config->get('site_ssl')));
}

// Language
$language = new Language($config->get('language_directory'));
$registry->set('language', $language);

// Document
$registry->set('document', new Document());

// Config Autoload
if ($config->has('config_autoload')) {
	foreach ($config->get('config_autoload') as $value) {
		$loader->config($value);
	}
}

// Language Autoload
if ($config->has('language_autoload')) {
	foreach ($config->get('language_autoload') as $value) {
		$loader->language($value);
	}
}

// Library Autoload
if ($config->has('library_autoload')) {
	foreach ($config->get('library_autoload') as $value) {
		$loader->library($value);
	}
}

// Model Autoload
if ($config->has('model_autoload')) {
	foreach ($config->get('model_autoload') as $value) {
		$loader->model($value);
	}
}

// Route
$route = new Router($registry);

// Pre Actions
if ($config->has('action_pre_action')) {
	foreach ($config->get('action_pre_action') as $value) {
		$route->addPreAction(new Action($value));
	}
}

// Dispatch
$route->dispatch(new Action($config->get('action_router')), new Action($config->get('action_error')));

// Output
$response->output();


Post by sw!tch » Sun Aug 23, 2020 4:16 pm

It may be more readable when testing, if you pass it as an array like below, also requires PHP 7.3 so confirm that.

ex:

Code:

$session_config = [
    'expires'  => ini_get('session.cookie_lifetime'),
    'path'     => ini_get('session.cookie_path'),
    'domain'   => ini_get('session.cookie_domain'),
    'samesite' => 'none',
    'secure'   => true,
    'httponly' => true,
];

setcookie($this->config->get('session_name'), $this->session->getId(), $session_config);

Backup and learn how to recover before you make any changes!
Full Stack Web Developer :: Contact via PM for custom work.



Post by juanca2020 » Sun Aug 23, 2020 4:22 pm

sw!tch wrote:
Sun Aug 23, 2020 4:16 pm
It may be more readable when testing, if you pass it as an array like below, also requires PHP 7.3 so confirm that.

ex:

Code:

$session_config = [
    'expires'  => ini_get('session.cookie_lifetime'),
    'path'     => ini_get('session.cookie_path'),
    'domain'   => ini_get('session.cookie_domain'),
    'samesite' => 'none',
    'secure'   => true,
    'httponly' => true,
];

setcookie($this->config->get('session_name'), $this->session->getId(), $session_config);

I have also tried it like that, I have read the whole forum and github.


Post by sw!tch » Sun Aug 23, 2020 4:27 pm

You have a link to your site? With it implemented?

My guess is you are not on PHP 7.3, you may want to verify that through phpinfo.


Post by juanca2020 » Sun Aug 23, 2020 5:02 pm

ADD Creative wrote:
Sat Aug 22, 2020 9:48 pm
For PHP 7.3, try.

In catalog/controller/startup/session.php change.

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

To.

Code:

setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);

In system/framework.php change.

Code:

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

To.

Code:

setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);

For the language and currency cookies, they should be the same as in this post.
viewtopic.php?f=190&t=216579&start=20#p796020

solved with this


Post by khnaz35 » Sun Aug 23, 2020 5:04 pm

Great!
Don't forget to put the word [SOLVED] in the post title.

Urgent Questions shoot here: khnaz35@gmail.com
Enjoy nature ;) :) :-*



Post by letxobnav » Sun Aug 23, 2020 6:07 pm

ah, apologies, just realized we were still running on php v7.2


Post by juanca2020 » Mon Aug 24, 2020 5:34 am

letxobnav wrote:
Sun Aug 23, 2020 6:07 pm
ah, apologies, just realized we were still running on php v7.2

Any help is appreciated, really. :good:


Post by abdullahTR » Wed Sep 16, 2020 3:07 pm

juanca2020 wrote:
Fri Aug 21, 2020 6:34 am
Hello, does anyone know how to solve the problem generated by the OCSESSID cookie when entering third party sites and returning is rejected, for not having the attribute "sameSite" = None?
Or on the contrary, does someone know how to give that attribute to all cookies on the site?
OPENCART: 3.0.3.2
PHP: > 7.3
Thank you. ???

OPENCART: 3.0.3.2
PHP: > 7.0
THEME : JOURNAL 3.1.4

how can I do it?
