Page 2 of 3
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Tue Apr 07, 2020 10:18 pm
by ADD Creative
Your two changes to upload/system/library/session.php are wrong. They should be something like below. I've not tested so please check.
Code: Select all
setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);
Code: Select all
setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true]);
Once the changes are made, if you still get the warnings you need to check your cookies. See
https://developers.google.com/web/tools ... ge/cookies on how to do that.
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Wed Apr 08, 2020 2:18 pm
by HAO
Thank you for your help!
I turned on the experimental function and tested the checkout process, no problems were found.
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sun Apr 12, 2020 10:23 pm
by HAO
I have a friend who reports to me, There seems to be a problem with the environment of his iPhone, Can anyone help with the test?
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Thu Apr 16, 2020 8:25 pm
by redmail
Were you able to solve the samesite cookie for opencart?
Its going to affect all ecommerce websites so its important to sort this out asap.
Further reading from a Taiwan developer on how to implement this in opencart:
viewtopic.php?f=64&t=217040&p=782859&hi ... te#p782859
https://translate.googleusercontent.com ... f_9fM6LpfA
https://translate.googleusercontent.com ... pL6EIiSxQg
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Fri Apr 17, 2020 3:57 pm
by HAO
I think we need to solve this problem, Does anyone have other solutions?
We need your help, Thank you!
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Tue May 26, 2020 3:21 pm
by HAO
The same problem happened again today, Does anyone have other effective solutions?
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Wed Jun 17, 2020 2:47 pm
by OSWorX
Just a remark on the "solution": if used,
you need at least php 7.3
That will
NOT work if php is less!
See an ongoing discussion here:
https://github.com/opencart/opencart/issues/7946
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Thu Aug 13, 2020 1:15 pm
by HAO
Okay, the situation is as follows:
My current environment is: PHP Version 7.3.21
What should I do to solve this problem?
Can you tell me how to solve this problem with steps and steps?
Which files to modify, and which code content to modify?
Thank you!
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Thu Aug 13, 2020 5:50 pm
by ADD Creative
What is you website URL?
Have you set the following in your php,ini or user.ini?
session.cookie_secure=On
session.cookie_samesite="None"
Have you modified the two lines below and if so what to?
https://github.com/opencart/opencart/bl ... on.php#L50
https://github.com/opencart/opencart/bl ... on.php#L77
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Thu Aug 13, 2020 8:06 pm
by HAO
We are using VPS hosting, so I think we should be able to modify the php.ini file directly.
You mean my environment, only need to modify the two steps you mentioned, can I solve the problem?
Do you mean this?
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Thu Aug 13, 2020 9:11 pm
by ADD Creative
Yes add them to the php.ini or user.ini.
Then change the two lines in session.php to something like.
viewtopic.php?p=795991#p782590
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Fri Aug 14, 2020 12:34 am
by HAO
Thanks for your reply!
My my hosting provider has helped me modify the php.ini file and restarted Apache, I am also following your instructions to modify the following files:
Open
Code: Select all
catalog/controller/startup/startup.php
Find
Code: Select all
setcookie('language', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace
Code: Select all
setcookie('language', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
Find
Code: Select all
setcookie('currency', $code, time() + 60 * 60 * 24 * 30, '/', $this->request->server['HTTP_HOST']);
Replace
Code: Select all
setcookie('currency', $code, ['expires' => time() + 60 * 60 * 24 * 30, 'path' => '/', 'domain' => $this->request->server['HTTP_HOST'], 'samesite' => 'None', 'secure' => true]);
Open
system/library/session.php
Find
Code: Select all
setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
Replace
Code: Select all
setcookie($key, $this->session_id, ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => ini_get('session.cookie_httponly')]);
Find
Code: Select all
setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
Replace
Code: Select all
setcookie($key, '', ['expires' => time() - 42000, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true]);
But the same problem still exists, When I redirected to the page of the payment module website, When the operation is completed and I return to my store page, my account login status will be logged out.
What is the problem?
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Fri Aug 14, 2020 1:32 am
by ADD Creative
Your currency, language and OpenCart default cookies are all now correct.
You PHPSESSID is not. You may need to contact you host again about the PHP session cookie settings.
Or in session.php add:
Code: Select all
ini_set('session.cookie_secure', 'On');
ini_set('session.cookie_samesite', 'None');
Just after.
Code: Select all
ini_set('session.cookie_httponly', 'On');
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Fri Aug 14, 2020 1:49 am
by HAO
I seem to have solved this problem, But because I cleared Google Chrome’s cookies before testing, I’m not sure if the same will happen next.
Anyway, Thank you for your help!
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sat Aug 22, 2020 8:08 pm
by HAO
The same problem still exists, How can i solve this problem?
This is a debug message from Google Chrome:
Code: Select all
A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
Code: Select all
A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sat Aug 22, 2020 9:11 pm
by ADD Creative
What cookies is your site setting and with what flags? In Chrome developer tools go to Application -> Storage -> Cookies -> Your domain. If you post them here hide the values.
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sat Aug 22, 2020 9:48 pm
by HAO
I have sent a private message to you.
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sat Aug 22, 2020 10:36 pm
by ADD Creative
I can see that your PHPSESSID, default, currency and language cookies all correctly have SameSite=None and Strict.
You have a lot of other cookies. These are not ones set by the OpenCart core. These will set by extensions or your payment gateway.
Test your browser here.
https://samesite-sandbox.glitch.me/
If the results are all green then your browser is using the new behaviour.
If not you can switch the current version of Chrome into the cookie mode.
Switch both "SameSite by default cookies" and "Cookies without SameSite must be secure" to Enabled.
chrome://flags/#same-site-by-default-cookies
chrome://flags/#cookies-without-same-site-must-be-secure
Once done test you browser again with the above test link.
Once you know your browser is in the new mode test your payment module again. If it works then cookies are not the problem.
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sat Aug 22, 2020 11:22 pm
by HAO
This is the case of my computer, Is this problem related to the settings of the client?
Can you help me test the checkout process?
Test product link:
https://www.tylee.tw/index.php?route=pr ... t_id=10008
Test account:
test@tylee.tw
Password: xXAH7spZ4nZVzcD
Thank you!
Re: How to make OpenCart 2.3 properly support SameSite cookies for Chrome 80?
Posted: Sun Aug 23, 2020 12:13 am
by ADD Creative
Your browser is using the new behavior and your site is setting the cookies correctly. Now test your checkout, if it works for you and not your customers, the issue is likely to be something else and not cookie related.