Post by HAO » Tue Jul 06, 2021 10:30 am

Yesterday I saw this article on the site of Taiwan, Basically saying that the option "SameSite by default cookies" has been removed by Chrome 91.

If this is a confirmed news, How can we make OpenCart 2.3 support Chrome 91 and solve the SameSite problem? I mean the third-party payment gateway module still has the same problem, I need someone to tell us how to solve it?

Does anyone know the latest solutions in OpenCart 2.3 and OpenCart 3.0?

Please help me, Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Jul 06, 2021 4:54 pm

The article is about the hidden chrome://flags SameSite settings being removed. Only a tiny percentage of customers will of ever changed theses setting, so I don't see how anything has really changed. See: https://www.chromium.org/updates/same-site

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Jul 06, 2021 5:05 pm

So this means that the changes we made last year do not require any changes, do you mean that?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Jul 06, 2021 7:19 pm

HAO wrote:
Tue Jul 06, 2021 5:05 pm
So this means that the changes we made last year do not require any changes, do you mean that?
No changes needed. If it worked in Chrome 90 (without changes to any hidden settings) it will work in Chrome 91.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Aug 30, 2021 11:31 am

I must say that our previous modification method is no longer valid, Because every day, many customers report to us that they cannot normally use the payment gateway module to complete the payment, Can you find out the latest solution for us now?

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Mon Aug 30, 2021 5:32 pm

Check the cookie flags in your web browser's developer tool. Is same SiteSite set to "None" and Secure set?

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Sun Sep 24, 2023 5:04 am

ADD Creative wrote:
Mon Aug 30, 2021 5:32 pm
Check the cookie flags in your web browser's developer tool. Is same SiteSite set to "None" and Secure set?
After this, my original payment module worked fine, But a few days ago we installed a new payment module and there was a problem.

That module seems to use technology from SameSite - Lax, So my original payment module works fine, but when I use the new module it doesn't work properly.

So my original payment module works fine, but when I use the new module it doesn't work properly.

I have verified the source code of OpenCart 4.0.2.3, I found that Daniel ended up using SameSite - Lax as a solution:

Code: Select all

		// Set a new currency cookie if the code does not match the current one
		if (!isset($this->request->cookie['currency']) || $this->request->cookie['currency'] != $code) {
			$option = [
				'expires'  => time() + 60 * 60 * 24 * 30,
				'path'     => '/',
				'SameSite' => 'Lax'
			];

			setcookie('currency', $code, $option);
		}
How can I teach you how to change my SameSite=None modification method to SameSite - Lax?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by SohBH » Sun Sep 24, 2023 4:35 pm

Add to .htaccess

Code: Select all

Header always edit Set-Cookie (.*) "$1; SameSite=Lax"

Web Development for service businesses serious about online growth


User avatar
Active Member

Posts

Joined
Mon Nov 02, 2020 12:01 am
Location - Malaysia

Post by HAO » Sun Sep 24, 2023 6:43 pm

But the problem is that I have modified the code according to this:

How do I deal with the code I have modified, Let my original payment module work normally?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Mon Sep 25, 2023 12:58 am

If a payment method works with with Lax it will also work with None, so there would be no need to change.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Sep 25, 2023 3:49 pm

This is the payment module I originally used, I have confirmed that I am in the original OpenCart environment and if I have not modified the SiteSite-None solution, I am not functioning properly.
https://github.com/ECPay/OpenCart2.3.0.2
https://github.com/ECPay/OpenCart3.X

When I use the solution you modified for me, The problem of not being able to be used properly has been solved, But when I install a new module in the same environment, it cannot be used normally.
https://github.com/payuni/OpenCart3.X

I now want to confirm how to solve the compatibility problem between the two?
ECPay SiteSite = None
payuni SiteSite = Lax
OpenCart 4.0.2.3 has officially used SiteSite = Lax

Does this mean that my problem can be solved as long as ECPay can operate normally in the environment of SiteSite = Lax?

If so, how should I change this code?
viewtopic.php?f=202&t=219633#p797082

Can you help me?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by SohBH » Mon Sep 25, 2023 4:30 pm

Are you using the right extension for Opencart 2?
https://github.com/payuni/OpenCart3.X
This is for Opencart 3.

Web Development for service businesses serious about online growth


User avatar
Active Member

Posts

Joined
Mon Nov 02, 2020 12:01 am
Location - Malaysia

Post by ADD Creative » Mon Sep 25, 2023 6:29 pm

HAO wrote:
Mon Sep 25, 2023 3:49 pm
This is the payment module I originally used, I have confirmed that I am in the original OpenCart environment and if I have not modified the SiteSite-None solution, I am not functioning properly.
https://github.com/ECPay/OpenCart2.3.0.2
https://github.com/ECPay/OpenCart3.X

When I use the solution you modified for me, The problem of not being able to be used properly has been solved, But when I install a new module in the same environment, it cannot be used normally.
https://github.com/payuni/OpenCart3.X

I now want to confirm how to solve the compatibility problem between the two?
ECPay SiteSite = None
payuni SiteSite = Lax
OpenCart 4.0.2.3 has officially used SiteSite = Lax

Does this mean that my problem can be solved as long as ECPay can operate normally in the environment of SiteSite = Lax?

If so, how should I change this code?
viewtopic.php?f=202&t=219633#p797082

Can you help me?
If you are using SameSite=None, then payment extensions that require either None or Lax will work. If you are using SameSite=Lax, then only payment extensions that require Lax will work.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Sep 25, 2023 10:01 pm

What I mean is, can ECPay be changed to SiteSite = Lax?

By modify the code of this post, Would it be possible to solve my problem if I changed None to Lax in this code?

Original

Code: Select all

'samesite' => 'None',
Change to

Code: Select all

'samesite' => 'Lax',
This is what I want to confirm, Because I heard that future iPhones and browsers will directly cancel SameSite None.

If so, I want to update the practice like this, Can you help me?

Thank you!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Sep 26, 2023 2:22 am

HAO wrote:
Mon Sep 25, 2023 10:01 pm
What I mean is, can ECPay be changed to SiteSite = Lax?

By modify the code of this post, Would it be possible to solve my problem if I changed None to Lax in this code?

Original

Code: Select all

'samesite' => 'None',
Change to

Code: Select all

'samesite' => 'Lax',
This is what I want to confirm, Because I heard that future iPhones and browsers will directly cancel SameSite None.

If so, I want to update the practice like this, Can you help me?

Thank you!
Yes, if you want to change SameSite to Lax then in the changes replace None with Lax.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Sep 26, 2023 8:12 am

Because I can only use Google Translate to understand what you mean, What you mean is that no matter which version of OpenCart I use, I only need to modify the keywords and other code does not need to be modified, right?

Original

Code: Select all

'samesite' => 'None',
Change to

Code: Select all

'samesite' => 'Lax',
I only need to make this modification and no other changes are needed, right?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Sep 26, 2023 4:00 pm

HAO wrote:
Tue Sep 26, 2023 8:12 am
Because I can only use Google Translate to understand what you mean, What you mean is that no matter which version of OpenCart I use, I only need to modify the keywords and other code does not need to be modified, right?

Original

Code: Select all

'samesite' => 'None',
Change to

Code: Select all

'samesite' => 'Lax',
I only need to make this modification and no other changes are needed, right?
Yes.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Jun 04, 2024 6:36 pm

Hello!

Recently we had the same problem again, but this time the customer successfully completed the payment.

But the order status cannot be updated normally, After searching for keywords on Google, I found that it may be related to SameSite being abandoned in 2024.

This is my code:

Open:
catalog/controller/startup/startup.php

Find:

Code: Select all

			setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace:

Code: Select all

			setcookie('language', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'SameSite' => 'None', 'Secure' => true]);
Open:
system/library/session.php

Find:

Code: Select all

			ini_set('session.cookie_httponly', 'On');
Add after:

Code: Select all

			ini_set('session.cookie_secure', 'On');
			ini_set('session.cookie_samesite', 'None');
Find:

Code: Select all

			setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
Replace:

Code: Select all

			setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'SameSite' => 'None', 'Secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);
Find:

Code: Select all

		setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Replace:

Code: Select all

		setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'SameSite' => 'None', 'Secure' => true]);
Dear sir, can you use Google Translate to understand new solutions?
https://www.darrelltw.com/2024-3rd-part ... le-chrome/

Thank you very much!

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Jun 04, 2024 10:49 pm

The article relates to third party cookies being phased out. This has nothing to do with the SameSite setting.

www.add-creative.co.uk


Guru Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Wed Jun 05, 2024 2:22 am

Because of my payment gateway module, payment must be completed on their payment page.

So what we encounter is, They have received the payment action from the customer and added money to our payment gateway account.

However, completing the payment action did not successfully change the next order status, Do you think this is related to the setting of "None"?

Because I saw Microsoft’s instructions seem to be related to this:
Handle SameSite cookie changes in Chrome browser

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm
Who is online

Users browsing this forum: No registered users and 20 guests