Or on the contrary, does someone know how to give that attribute to all cookies on the site?
OPENCART: 3.0.3.2
PHP: > 7.3
Thank you.
Hello, does anyone know how to solve the problem generated by the OCSESSID cookie when entering third party sites and returning is rejected, for not having the attribute "sameSite" = None?
Or on the contrary, does someone know how to give that attribute to all cookies on the site?
OPENCART: 3.0.3.2
PHP: > 7.3
Thank you.
Or on the contrary, does someone know how to give that attribute to all cookies on the site?
OPENCART: 3.0.3.2
PHP: > 7.3
Thank you.
Last edited by juanca2020 on Sun Aug 23, 2020 5:03 pm, edited 1 time in total.
Someone? I can give a donation via PayPal, if the help is real. The truth is that I am a bit desperate, there is no information that solves that problem (generated by Chrome 80), with other cookies, such as language and currency. but nothing from the session.
Thank you.
Thank you.
system/framework.php
catalog/controller/startup/session.php
We use strict for the session but we do not have session cookie dependency for gateways.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
it does not work, neither with the value "none" or "strict".
The only change that can be seen is that the products are not added to the cart.
thanks anyway
The only change that can be seen is that the products are not added to the cart.
thanks anyway
well, "it does not work" does not fly as that is exactly how our site runs.
Show the cookie listing in your developer tools.
as in:
Show the cookie listing in your developer tools.
as in:
Attachments
Capture.JPG (56.23 KiB) Viewed 15304 times
Last edited by letxobnav on Sat Aug 22, 2020 10:07 pm, edited 2 times in total.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
For PHP 7.3, try.
In catalog/controller/startup/session.php change.
To.
In system/framework.php change.
To.
For the language and currency cookies, they should be the same as in this post.
viewtopic.php?f=190&t=216579&start=20#p796020
In catalog/controller/startup/session.php change.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));Code: Select all
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);viewtopic.php?f=190&t=216579&start=20#p796020
you refreshed modifications right? or you just edited the core?
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
You have a cache addon in chrome?
No need to recompile sass unless you changed scss files if you have any, that is all that does.
You did delete your cookies right?
well, anyway, post what code you have in:
catalog/controller/startup/session.php
and
system/framework.php
No need to recompile sass unless you changed scss files if you have any, that is all that does.
You did delete your cookies right?
well, anyway, post what code you have in:
catalog/controller/startup/session.php
and
system/framework.php
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
I deleted everything, even what is not necessary.
the only add-on I have for the cache in chrome is "Clear cache" that allows you to delete your choice (quickly):
App Cache
Cache
cookies
Downloads
etc.
catalog/controller/startup/session.php
system/framework.php
the only add-on I have for the cache in chrome is "Clear cache" that allows you to delete your choice (quickly):
App Cache
Cache
cookies
Downloads
etc.
catalog/controller/startup/session.php
Code: Select all
<?php
class ControllerStartupSession extends Controller {
public function index() {
if (isset($this->request->get['api_token']) && isset($this->request->get['route']) && substr($this->request->get['route'], 0, 4) == 'api/') {
$this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
// Make sure the IP is allowed
$api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'");
if ($api_query->num_rows) {
$this->session->start($this->request->get['api_token']);
// keep the session alive
$this->db->query("UPDATE `" . DB_PREFIX . "api_session` SET `date_modified` = NOW() WHERE `api_session_id` = '" . (int)$api_query->row['api_session_id'] . "'");
}
} else {
if (isset($_COOKIE[$this->config->get('session_name')])) {
$session_id = $_COOKIE[$this->config->get('session_name')];
} else {
$session_id = '';
}
$this->session->start($session_id);
// setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
}
}
}
system/framework.php
Code: Select all
<?php
// Registry
$registry = new Registry();
// Config
$config = new Config();
$config->load('default');
$config->load($application_config);
$registry->set('config', $config);
// Log
$log = new Log($config->get('error_filename'));
$registry->set('log', $log);
date_default_timezone_set($config->get('date_timezone'));
set_error_handler(function($code, $message, $file, $line) use($log, $config) {
// error suppressed with @
if (error_reporting() === 0) {
return false;
}
switch ($code) {
case E_NOTICE:
case E_USER_NOTICE:
$error = 'Notice';
break;
case E_WARNING:
case E_USER_WARNING:
$error = 'Warning';
break;
case E_ERROR:
case E_USER_ERROR:
$error = 'Fatal Error';
break;
default:
$error = 'Unknown';
break;
}
if ($config->get('error_display')) {
echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>';
}
if ($config->get('error_log')) {
$log->write('PHP ' . $error . ': ' . $message . ' in ' . $file . ' on line ' . $line);
}
return true;
});
// Event
$event = new Event($registry);
$registry->set('event', $event);
// Event Register
if ($config->has('action_event')) {
foreach ($config->get('action_event') as $key => $value) {
foreach ($value as $priority => $action) {
$event->register($key, new Action($action), $priority);
}
}
}
// Loader
$loader = new Loader($registry);
$registry->set('load', $loader);
// Request
$registry->set('request', new Request());
// Response
$response = new Response();
$response->addHeader('Content-Type: text/html; charset=utf-8');
$response->setCompression($config->get('config_compression'));
$registry->set('response', $response);
// Database
if ($config->get('db_autostart')) {
$registry->set('db', new DB($config->get('db_engine'), $config->get('db_hostname'), $config->get('db_username'), $config->get('db_password'), $config->get('db_database'), $config->get('db_port')));
}
// Session
$session = new Session($config->get('session_engine'), $registry);
$registry->set('session', $session);
if ($config->get('session_autostart')) {
/*
We are adding the session cookie outside of the session class as I believe
PHP messed up in a big way handling sessions. Why in the hell is it so hard to
have more than one concurrent session using cookies!
Is it not better to have multiple cookies when accessing parts of the system
that requires different cookie sessions for security reasons.
Also cookies can be accessed via the URL parameters. So why force only one cookie
for all sessions!
*/
if (isset($_COOKIE[$config->get('session_name')])) {
$session_id = $_COOKIE[$config->get('session_name')];
} else {
$session_id = '';
}
$session->start($session_id);
// setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
}
// Cache
$registry->set('cache', new Cache($config->get('cache_engine'), $config->get('cache_expire')));
// Url
if ($config->get('url_autostart')) {
$registry->set('url', new Url($config->get('site_url'), $config->get('site_ssl')));
}
// Language
$language = new Language($config->get('language_directory'));
$registry->set('language', $language);
// Document
$registry->set('document', new Document());
// Config Autoload
if ($config->has('config_autoload')) {
foreach ($config->get('config_autoload') as $value) {
$loader->config($value);
}
}
// Language Autoload
if ($config->has('language_autoload')) {
foreach ($config->get('language_autoload') as $value) {
$loader->language($value);
}
}
// Library Autoload
if ($config->has('library_autoload')) {
foreach ($config->get('library_autoload') as $value) {
$loader->library($value);
}
}
// Model Autoload
if ($config->has('model_autoload')) {
foreach ($config->get('model_autoload') as $value) {
$loader->model($value);
}
}
// Route
$route = new Router($registry);
// Pre Actions
if ($config->has('action_pre_action')) {
foreach ($config->get('action_pre_action') as $value) {
$route->addPreAction(new Action($value));
}
}
// Dispatch
$route->dispatch(new Action($config->get('action_router')), new Action($config->get('action_error')));
// Output
$response->output();
It may be more readable when testing, if you pass it as an array like below, also requires PHP 7.3 so confirm that.
ex:
ex:
Code: Select all
$session_config = [
'expires' => ini_get('session.cookie_lifetime'),
'path' => ini_get('session.cookie_path'),
'domain' => ini_get('session.cookie_domain'),
'samesite' => 'none',
'secure' => true,
'httponly' => true,
];
setcookie($this->config->get('session_name'), $this->session->getId(), $session_config);Full Stack Web Developer :: Send a PM for Custom Work.
Backup and learn how to recover before you make any changes!
I have also tried it like that, I have read the whole forum and github.sw!tch wrote: ↑Sun Aug 23, 2020 4:16 pmIt may be more readable when testing, if you pass it as an array like below, also requires PHP 7.3 so confirm that.
ex:
Code: Select all
$session_config = [ 'expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'none', 'secure' => true, 'httponly' => true, ]; setcookie($this->config->get('session_name'), $this->session->getId(), $session_config);
You have a link to your site? With it implemented?
My guess is you are not on PHP 7.3 , you may want to verify that through phpinfo.
My guess is you are not on PHP 7.3 , you may want to verify that through phpinfo.
Full Stack Web Developer :: Send a PM for Custom Work.
Backup and learn how to recover before you make any changes!
solved with thisADD Creative wrote: ↑Sat Aug 22, 2020 9:48 pmFor PHP 7.3, try.
In catalog/controller/startup/session.php change.To.Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));In system/framework.php change.Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);To.Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));For the language and currency cookies, they should be the same as in this post.Code: Select all
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
viewtopic.php?f=190&t=216579&start=20#p796020
Great!
Dont forget to put the word [SOLVED] in the post title.
Dont forget to put the word [SOLVED] in the post title.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature 
ah, apologies, just realized we were still running on php v7.2
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Seems that OCMods are getting applied to system/framework.php, but the modded file isn't loaded. The modded file for catalog/controller/startup/session.php is loaded ok.ADD Creative wrote: ↑Sat Aug 22, 2020 9:48 pmFor PHP 7.3, try.
In catalog/controller/startup/session.php change.To.Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));In system/framework.php change.Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);To.Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));For the language and currency cookies, they should be the same as in this post.Code: Select all
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
viewtopic.php?f=190&t=216579&start=20#p796020
OC 3031
Who is online
Users browsing this forum: Baidu [Spider] and 84 guests
