Post by ADD Creative » Wed Jun 05, 2024 6:23 pm

No, as SameSite None removes any restrictions.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Fri Jun 07, 2024 1:56 pm

My site has the following error message:

Code: Select all

由於 Cookie「SIDCC」缺少正確的「SameSite」屬性值,缺少「SameSite」或含有不正確值的 Cookie 即將被視為指定了「Lax」,該 Cookie 將無法傳送到第三方環境中。若您的應用程式需要這組 Cookie 才能在不同環境中運作,請加上「SameSite=None」屬性。若要了解「SameSite」屬性的更多資訊,請參考 https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite clr
由於 Cookie「__Secure-1PSIDCC」缺少正確的「SameSite」屬性值,缺少「SameSite」或含有不正確值的 Cookie 即將被視為指定了「Lax」,該 Cookie 將無法傳送到第三方環境中。若您的應用程式需要這組 Cookie 才能在不同環境中運作,請加上「SameSite=None」屬性。若要了解「SameSite」屬性的更多資訊,請參考 https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
This seems to mean that there are other cookies that also need to be updated simultaneously, ECPay's description also seems to say that iOS cannot correctly support SameSite=None.

Dear Sir, do you think it is possible to use other ways to solve this problem?

Like using the oc_session data table, Or use localStorage, sessionStorage technology to solve cross-site problems?

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Fri Jun 07, 2024 3:50 pm

SIDCC is not an OpenCart cookie. You need to work out if it's being set by an extension or payment gateway and get that changed. There is the possibility you could add Secure and SameSite=None via htaccess. There was an example in this topic.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Mon Jun 10, 2024 7:08 pm

The problem now is that iOS does not seem to recognize the SameSite settings, But it’s impossible for us to limit the client’s browser environment.

Dear Sir, Do you think we have a new solution to this problem? Use localStorage, sessionStorage technology.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Mon Jun 10, 2024 10:27 pm

Using localStorage or sessionStorage would not be a replacement for OpenCart cookies as they can only be used by client side JavaScript.

For your other cookies, that would depend entirely on how they are used.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Jun 11, 2024 1:00 pm

The same problem occurs again.

When the customer presses the [Continue] button, The order status will change to awaiting payment.

Wait until he completes filling in the payment information, The correct order status should be: Payment completed.

But the order status changed to failed, However, in the same order record, ECPay received information that the payment was successful.
訂單日期 備註 狀態 客戶通知
2024/06/11 AM:10:34:13 信用卡(一次付清) 等待付款中 是
2024/06/11 AM:10:42:57 已失敗 否
2024/06/11 AM:10:43:51 綠界Credit付款結果:(1)交易成功 已失敗 是

Browser
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept Language zh-TW,zh;q=0.9,zh-CN;q=0.8,en-US;q=0.7,en;q=0.6,ja;q=0.5
Do you think this situation is due to the customer's browser version causing the failure to change the order status?

※※※※※Please note※※※※※

The SameSite attribute is not supported below iOS 11.

iOS 12 treats SameSite=None as SameSite=Strict.

※※※※※Please note※※※※※

----------

After confirming with the customer, it seems that he did not complete the payment within 10 minutes.

Therefore, the second order status may be related to the timeout of php session related settings, Do I need to adjust my settings?

Do I need to adjust my php settings?

Attachments

Screenshot 2024-06-11 at 15-45-32 cPanel -.png

Screenshot 2024-06-11 at 15-45-32 cPanel -.png (170.95 KiB) Viewed 325 times


HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm

Post by ADD Creative » Tue Jun 11, 2024 4:42 pm

Your session.gc_maxlifetime is 1440 seconds (24 minutes). You need to check session.cookie_lifetime is 0.

You probably need to contact your payment provider and payment extension developer to ask about the timeout and iOS issues.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by HAO » Tue Jun 11, 2024 8:02 pm

This option can be selected using the drop-down list, session.gc_maxlifetime:
1440
3600
18000

cPanel does not have the session.cookie_lifetime option to choose, But I confirmed in WHM that it has been set to 0.

HAO
Active Member

Posts

Joined
Fri Jun 03, 2011 2:52 pm
Who is online

Users browsing this forum: No registered users and 39 guests