Page 1 of 2
[SOLVED] Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Fri Aug 21, 2020 6:34 am
by juanca2020
Hello, does anyone know how to solve the problem generated by the OCSESSID cookie when entering third party sites and returning is rejected, for not having the attribute "sameSite" = None?
Or on the contrary, does someone know how to give that attribute to all cookies on the site?
OPENCART: 3.0.3.2
PHP: > 7.3
Thank you.
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sat Aug 22, 2020 9:50 am
by juanca2020
Someone? I can give a donation via PayPal, if the help is real. The truth is that I am a bit desperate, there is no information that solves that problem (generated by Chrome 80), with other cookies, such as language and currency. but nothing from the session.
Thank you.
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sat Aug 22, 2020 1:09 pm
by letxobnav
system/framework.php
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
We use strict for the session but we do not have session cookie dependency for gateways.
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sat Aug 22, 2020 5:19 pm
by juanca2020
it does not work, neither with the value "none" or "strict".
The only change that can be seen is that the products are not added to the cart.
thanks anyway
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sat Aug 22, 2020 9:32 pm
by letxobnav
well, "it does not work" does not fly as that is exactly how our site runs.
Show the cookie listing in your developer tools.
as in:
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sat Aug 22, 2020 9:48 pm
by ADD Creative
For PHP 7.3, try.
In catalog/controller/startup/session.php change.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
In system/framework.php change.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
For the language and currency cookies, they should be the same as in this post.
viewtopic.php?f=190&t=216579&start=20#p796020
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 6:55 am
by juanca2020
letxobnav wrote: ↑Sat Aug 22, 2020 9:32 pm
well, "it does not work" does not fly as that is exactly how our site runs.
Show the cookie listing in your developer tools.
as in:
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 11:41 am
by letxobnav
you refreshed modifications right? or you just edited the core?
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 12:06 pm
by juanca2020
letxobnav wrote: ↑Sun Aug 23, 2020 11:41 am
you refreshed modifications right? or you just edited the core?
Yes.
I removed the template cache, SASS. [ok]
clear and refresh in modifications [ok]
clear cache addon chrome [ok]
and private mode [ok]
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 1:21 pm
by letxobnav
You have a cache addon in chrome?
No need to recompile sass unless you changed scss files if you have any, that is all that does.
You did delete your cookies right?
well, anyway, post what code you have in:
catalog/controller/startup/session.php
and
system/framework.php
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 3:58 pm
by juanca2020
I deleted everything, even what is not necessary.
the only add-on I have for the cache in chrome is "Clear cache" that allows you to delete your choice (quickly):
App Cache
Cache
cookies
Downloads
etc.
catalog/controller/startup/session.php
Code: Select all
<?php
class ControllerStartupSession extends Controller {
public function index() {
if (isset($this->request->get['api_token']) && isset($this->request->get['route']) && substr($this->request->get['route'], 0, 4) == 'api/') {
$this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
// Make sure the IP is allowed
$api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'");
if ($api_query->num_rows) {
$this->session->start($this->request->get['api_token']);
// keep the session alive
$this->db->query("UPDATE `" . DB_PREFIX . "api_session` SET `date_modified` = NOW() WHERE `api_session_id` = '" . (int)$api_query->row['api_session_id'] . "'");
}
} else {
if (isset($_COOKIE[$this->config->get('session_name')])) {
$session_id = $_COOKIE[$this->config->get('session_name')];
} else {
$session_id = '';
}
$this->session->start($session_id);
// setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
}
}
}
Code: Select all
<?php
// Registry
$registry = new Registry();
// Config
$config = new Config();
$config->load('default');
$config->load($application_config);
$registry->set('config', $config);
// Log
$log = new Log($config->get('error_filename'));
$registry->set('log', $log);
date_default_timezone_set($config->get('date_timezone'));
set_error_handler(function($code, $message, $file, $line) use($log, $config) {
// error suppressed with @
if (error_reporting() === 0) {
return false;
}
switch ($code) {
case E_NOTICE:
case E_USER_NOTICE:
$error = 'Notice';
break;
case E_WARNING:
case E_USER_WARNING:
$error = 'Warning';
break;
case E_ERROR:
case E_USER_ERROR:
$error = 'Fatal Error';
break;
default:
$error = 'Unknown';
break;
}
if ($config->get('error_display')) {
echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>';
}
if ($config->get('error_log')) {
$log->write('PHP ' . $error . ': ' . $message . ' in ' . $file . ' on line ' . $line);
}
return true;
});
// Event
$event = new Event($registry);
$registry->set('event', $event);
// Event Register
if ($config->has('action_event')) {
foreach ($config->get('action_event') as $key => $value) {
foreach ($value as $priority => $action) {
$event->register($key, new Action($action), $priority);
}
}
}
// Loader
$loader = new Loader($registry);
$registry->set('load', $loader);
// Request
$registry->set('request', new Request());
// Response
$response = new Response();
$response->addHeader('Content-Type: text/html; charset=utf-8');
$response->setCompression($config->get('config_compression'));
$registry->set('response', $response);
// Database
if ($config->get('db_autostart')) {
$registry->set('db', new DB($config->get('db_engine'), $config->get('db_hostname'), $config->get('db_username'), $config->get('db_password'), $config->get('db_database'), $config->get('db_port')));
}
// Session
$session = new Session($config->get('session_engine'), $registry);
$registry->set('session', $session);
if ($config->get('session_autostart')) {
/*
We are adding the session cookie outside of the session class as I believe
PHP messed up in a big way handling sessions. Why in the hell is it so hard to
have more than one concurrent session using cookies!
Is it not better to have multiple cookies when accessing parts of the system
that requires different cookie sessions for security reasons.
Also cookies can be accessed via the URL parameters. So why force only one cookie
for all sessions!
*/
if (isset($_COOKIE[$config->get('session_name')])) {
$session_id = $_COOKIE[$config->get('session_name')];
} else {
$session_id = '';
}
$session->start($session_id);
// setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path').'; SameSite=None', ini_get('session.cookie_domain'),true,true);
}
// Cache
$registry->set('cache', new Cache($config->get('cache_engine'), $config->get('cache_expire')));
// Url
if ($config->get('url_autostart')) {
$registry->set('url', new Url($config->get('site_url'), $config->get('site_ssl')));
}
// Language
$language = new Language($config->get('language_directory'));
$registry->set('language', $language);
// Document
$registry->set('document', new Document());
// Config Autoload
if ($config->has('config_autoload')) {
foreach ($config->get('config_autoload') as $value) {
$loader->config($value);
}
}
// Language Autoload
if ($config->has('language_autoload')) {
foreach ($config->get('language_autoload') as $value) {
$loader->language($value);
}
}
// Library Autoload
if ($config->has('library_autoload')) {
foreach ($config->get('library_autoload') as $value) {
$loader->library($value);
}
}
// Model Autoload
if ($config->has('model_autoload')) {
foreach ($config->get('model_autoload') as $value) {
$loader->model($value);
}
}
// Route
$route = new Router($registry);
// Pre Actions
if ($config->has('action_pre_action')) {
foreach ($config->get('action_pre_action') as $value) {
$route->addPreAction(new Action($value));
}
}
// Dispatch
$route->dispatch(new Action($config->get('action_router')), new Action($config->get('action_error')));
// Output
$response->output();
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 4:16 pm
by sw!tch
It may be more readable when testing, if you pass it as an array like below, also requires PHP 7.3 so confirm that.
ex:
Code: Select all
$session_config = [
'expires' => ini_get('session.cookie_lifetime'),
'path' => ini_get('session.cookie_path'),
'domain' => ini_get('session.cookie_domain'),
'samesite' => 'none',
'secure' => true,
'httponly' => true,
];
setcookie($this->config->get('session_name'), $this->session->getId(), $session_config);
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 4:22 pm
by juanca2020
sw!tch wrote: ↑Sun Aug 23, 2020 4:16 pm
It may be more readable when testing, if you pass it as an array like below, also requires PHP 7.3 so confirm that.
ex:
Code: Select all
$session_config = [
'expires' => ini_get('session.cookie_lifetime'),
'path' => ini_get('session.cookie_path'),
'domain' => ini_get('session.cookie_domain'),
'samesite' => 'none',
'secure' => true,
'httponly' => true,
];
setcookie($this->config->get('session_name'), $this->session->getId(), $session_config);
I have also tried it like that, I have read the whole forum and github.
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 4:27 pm
by sw!tch
You have a link to your site? With it implemented?
My guess is you are not on PHP 7.3 , you may want to verify that through phpinfo.
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 5:02 pm
by juanca2020
ADD Creative wrote: ↑Sat Aug 22, 2020 9:48 pm
For PHP 7.3, try.
In catalog/controller/startup/session.php change.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
In system/framework.php change.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
For the language and currency cookies, they should be the same as in this post.
viewtopic.php?f=190&t=216579&start=20#p796020
solved with this
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 5:04 pm
by khnaz35
Great!
Dont forget to put the word [SOLVED] in the post title.
Re: [SOLVED] Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Sun Aug 23, 2020 6:07 pm
by letxobnav
ah, apologies, just realized we were still running on php v7.2
Re: [SOLVED] Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Mon Aug 24, 2020 5:34 am
by juanca2020
letxobnav wrote: ↑Sun Aug 23, 2020 6:07 pm
ah, apologies, just realized we were still running on php v7.2
Any help is appreciated. really.
Re: Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Thu Sep 17, 2020 8:49 pm
by LocalExamination
ADD Creative wrote: ↑Sat Aug 22, 2020 9:48 pm
For PHP 7.3, try.
In catalog/controller/startup/session.php change.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.
Code: Select all
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
In system/framework.php change.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.
Code: Select all
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
For the language and currency cookies, they should be the same as in this post.
viewtopic.php?f=190&t=216579&start=20#p796020
Seems that OCMods are getting applied to system/framework.php, but the modded file isn't loaded. The modded file for catalog/controller/startup/session.php is loaded ok.
OC 3031
Re: [SOLVED] Help: How to put the attribute SameSite "none" in cookies. ? OP 3.0.3
Posted: Thu Sep 17, 2020 10:08 pm
by ADD Creative
Have you refreshed your modifications?