Sign out automatically after buying

Posted: Tue Apr 20, 2021 8:58 pm
by DANDTON
Hello everyone,
I am using 3.0.3.2. Today I found a problem: when I finish buying with PayPal and click the "return back" button on the PayPal page, the page goes to my store.
BUT the buyer account is signed out automatically and I must log in again. BUT when I log in again, I can see the shopping cart is not cleared...
I can see that all my Google Chrome cookies are signed out automatically; my admin account in another label is signed out automatically too...
I use Journal 3.1.8.
Thank you for your help!!
Yours, Daniel

Re: Sign out automatically after buying

Posted: Tue Apr 20, 2021 9:04 pm
by straightlight
DANDTON wrote:
Tue Apr 20, 2021 8:58 pm
> Hello everyone,
> I am using 3.0.3.2. Today I found a problem: when I finish buying with PayPal and click the "return back" button on the PayPal page, the page goes to my store.
> BUT the buyer account is signed out automatically and I must log in again. BUT when I log in again, I can see the shopping cart is not cleared...
> I can see that all my Google Chrome cookies are signed out automatically; my admin account in another label is signed out automatically too...
> I use Journal 3.1.8.
> Thank you for your help!!
> Yours, Daniel
Unsupported.

Re: Sign out automatically after buying

Posted: Tue Apr 20, 2021 10:31 pm
by JNeuhoff
Not an OpenCart bug, the OpenCart checkout eventually reaches the checkout/success page, and the user stays logged in, but with the shopping cart cleared after the successfully processed order. Journal3 is a different framework (80% non-Opencart) so in your case you will have to get in touch with the Journal support.

Re: Sign out automatically after buying

Posted: Tue Apr 20, 2021 10:48 pm
by DANDTON
JNeuhoff wrote:
Tue Apr 20, 2021 10:31 pm
> Not an OpenCart bug, the OpenCart checkout eventually reaches the checkout/success page, and the user stays logged in, but with the shopping cart cleared after the successfully processed order. Journal3 is a different framework (80% non-Opencart) so in your case you will have to get in touch with the Journal support.
Thank you very much! I did more tests and found the problem seems to come from PayPal. I use PayPal Standard as the payment method. I have two methods, PayPal Standard and Free Checkout. When I test with Free Checkout, there is no problem, but when I use PayPal Standard and test with a sandbox account, this problem appears.
To be sure, I tried my other V1.5.6 OpenCart and V3.0.2 OpenCart websites; this problem is still there when I use PayPal Standard.
So I doubt it is the problem from PayPal; I will call them tomorrow and let you know more info.

Re: Sign out automatically after buying

Posted: Thu Apr 22, 2021 11:25 am
by DANDTON
Called PayPal and got no answer, so I tested more and found the resolution: O0
1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
2. Edit document: /upload/system/framework.php, around line 110

//original cookie
//setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

//modified cookie
setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);

3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
//original cookie
//setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));

//modified cookie
setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);

Refresh OCMOD, done.
Now test: after checkout and returning to the successful payment page, the customer won't be logged out and the shopping cart is empty.

Re: Sign out automatically after buying

Posted: Mon Jan 09, 2023 3:20 pm
by maniruzzaman
Hi,
I also faced this issue on opencart-4 with our Paysera payment gateway plugin, then investigated and found out about the session SameSite setting; to fix this, there is no need to write additional code. Just change it in settings:
1) Go to settings.
2) Click on Server tab.
3) Change Session Samesite Cookie from Lax/Strict to None.
4) Now make a payment and nothing will be logged out.

Re: Sign out automatically after buying

Posted: Mon May 15, 2023 11:40 pm
by frasergoconsultme
DANDTON wrote:
Thu Apr 22, 2021 11:25 am
> Called PayPal and got no answer, so I tested more and found the resolution: O0
> 1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
> 2. Edit document: /upload/system/framework.php, around line 110
>
> //original cookie
> //setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
>
> //modified cookie
> setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
>
> 3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
> //original cookie
> //setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
>
> //modified cookie
> setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
>
> Refresh OCMOD, done.
> Now test: after checkout and returning to the successful payment page, the customer won't be logged out and the shopping cart is empty.
Had the same issue and this worked for me...many thanks :-)

Re: Sign out automatically after buying

Posted: Tue May 16, 2023 12:02 am
by by mona
+1

Thank you to
DANDTON for coming back with a solution
maniruzzaman for a possible solution for OC4
and frasergoconsultme for taking the time to log in and say thank you and confirming it works

have a great day ;D

Re: Sign out automatically after buying

Posted: Tue May 16, 2023 7:48 am
by ADD Creative
frasergoconsultme wrote:
Mon May 15, 2023 11:40 pm
> DANDTON wrote:
> Thu Apr 22, 2021 11:25 am
> > Called PayPal and got no answer, so I tested more and found the resolution: O0
> > 1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
> > 2. Edit document: /upload/system/framework.php, around line 110
> >
> > //original cookie
> > //setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
> >
> > //modified cookie
> > setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
> >
> > 3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
> > //original cookie
> > //setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
> >
> > //modified cookie
> > setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
> >
> > Refresh OCMOD, done.
> > Now test: after checkout and returning to the successful payment page, the customer won't be logged out and the shopping cart is empty.
> Had the same issue and this worked for me...many thanks :-)
That's not the best way to fix the issue for PayPal Standard. You can just change the rm variable to 1, as done in 3.0.3.8.
https://github.com/opencart/opencart/pull/8072

That way you can keep using default SameSite=Lax, which would give more protection against attacks such as CSRF. Which is probably important if you are using an older version than 3.0.3.8 that does not have the security vulnerability in the PayPal Standard extension patched.

Re: Sign out automatically after buying

Posted: Tue May 16, 2023 9:09 pm
by frasergoconsultme
ADD Creative wrote:
Tue May 16, 2023 7:48 am
> frasergoconsultme wrote:
> Mon May 15, 2023 11:40 pm
> > DANDTON wrote:
> > Thu Apr 22, 2021 11:25 am
> > > Called PayPal and got no answer, so I tested more and found the resolution: O0
> > > 1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
> > > 2. Edit document: /upload/system/framework.php, around line 110
> > >
> > > //original cookie
> > > //setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
> > >
> > > //modified cookie
> > > setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
> > >
> > > 3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
> > > //original cookie
> > > //setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
> > >
> > > //modified cookie
> > > setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
> > >
> > > Refresh OCMOD, done.
> > > Now test: after checkout and returning to the successful payment page, the customer won't be logged out and the shopping cart is empty.
> > Had the same issue and this worked for me...many thanks :-)
> That's not the best way to fix the issue for PayPal Standard. You can just change the rm variable to 1, as done in 3.0.3.8.
> https://github.com/opencart/opencart/pull/8072
>
> That way you can keep using default SameSite=Lax, which would give more protection against attacks such as CSRF. Which is probably important if you are using an older version than 3.0.3.8 that does not have the security vulnerability in the PayPal Standard extension patched.
I am running 3.0.3.8 and was still having the issue until I changed the code as above.

Re: Sign out automatically after buying

Posted: Tue May 16, 2023 9:49 pm
by ADD Creative
frasergoconsultme wrote:
Tue May 16, 2023 9:09 pm
> I am running 3.0.3.8 and was still having the issue until I changed the code as above.
I would check that your theme is not overriding the /catalog/view/theme/default/template/extension/payment/pp_standard.twig file or that the file isn't an old version from a previous upgrade.

You can also inspect the payment fields at the last step at checkout using your browser's developer tool, where you should see the following.

Code: Select all

<input type="hidden" name="rm" value="1" />

Re: Sign out automatically after buying

Posted: Fri Jul 28, 2023 1:03 am
by kslakhani
DANDTON wrote:
Thu Apr 22, 2021 11:25 am
> Called PayPal and got no answer, so I tested more and found the resolution: O0
> 1. Must update PHP 7.0 to PHP 7.3; after testing, only PHP 7.3 is OK
> 2. Edit document: /upload/system/framework.php, around line 110
>
> //original cookie
> //setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
>
> //modified cookie
> setcookie($config->get('session_name'), $session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
>
> 3. Edit document: /upload/catalog/controller/startup/session.php, around line 25
> //original cookie
> //setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
>
> //modified cookie
> setcookie($this->config->get('session_name'), $this->session->getId(), ['expires' => ini_get('session.cookie_lifetime'), 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'samesite' => 'None', 'secure' => true, 'httponly' => true]);
>
> Refresh OCMOD, done.
> Now test: after checkout and returning to the successful payment page, the customer won't be logged out and the shopping cart is empty.
Thanks, worked perfectly on OC v3.0.2.0

Re: Sign out automatically after buying

Posted: Fri Jul 28, 2023 7:37 am
by ADD Creative
kslakhani wrote:
Fri Jul 28, 2023 1:03 am
> Thanks, worked perfectly on OC v3.0.2.0
You should also be able to fix it by making the changes at the links below instead.
https://github.com/opencart/opencart/pull/8072/files

That way you can keep SameSite set to Lax, which will offer protection against CSRF vulnerabilities that None doesn't.
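
Added example (not part of any post in this thread, and not OpenCart or PayPal code): a small JavaScript model of why the session is lost when the buyer comes back from the payment page as a cross-site POST under SameSite=Lax, and why the two fixes discussed in the thread (SameSite=None with Secure, or rm=1 so the return is a GET while the cookie stays Lax) both keep it. The session ids, the treatment of an unset attribute as Lax, and the store starting a new session when no cookie arrives are assumptions of the model.

```javascript
// Added illustration, not OpenCart or PayPal code: a simplified model of browser
// SameSite handling and of a store that starts a new session when no cookie arrives.
// Session ids below are constructed sample values.

// Would the browser attach the session cookie to this top-level navigation?
function cookieAttached(cookie, nav) {
  if (!nav.crossSite) return true;                 // same-site requests always carry it
  const mode = cookie.sameSite || 'Lax';           // assumption: unset is treated as Lax
  if (mode === 'None') return cookie.secure;       // None without Secure is rejected by browsers
  if (mode === 'Lax') return nav.method === 'GET'; // Lax: cross-site GET navigations only
  return false;                                    // Strict: never on cross-site navigations
}

// Store side: reuse the session the cookie names, otherwise create a fresh one
// and overwrite the cookie of the same name in the browser's jar.
function handleReturn(jar, sessions, nav) {
  const sent = cookieAttached(jar.session, nav) ? jar.session.value : null;
  if (sent && sessions[sent]) {
    return { sessionId: sent, loggedIn: sessions[sent].loggedIn };
  }
  const fresh = 'sess-new';
  sessions[fresh] = { loggedIn: false };
  jar.session = { ...jar.session, value: fresh };
  return { sessionId: fresh, loggedIn: false };
}

// Buyer returns from the payment page to the store with the given rm value.
function simulateReturn(sameSite, rm) {
  const sessions = { 'sess-buyer': { loggedIn: true } };
  const jar = { session: { value: 'sess-buyer', sameSite, secure: true } };
  // PayPal Standard rm: 2 sends the buyer back with POST, 0 and 1 with GET.
  const nav = { crossSite: true, method: rm === 2 ? 'POST' : 'GET' };
  const result = handleReturn(jar, sessions, nav);
  return { ...result, cookieAfter: jar.session.value };
}

const cases = [['Lax', 2], ['Lax', 1], ['None', 2], ['Strict', 1], [undefined, 2]];
for (const [sameSite, rm] of cases) {
  console.log(`SameSite=${sameSite || '(unset)'} rm=${rm}`, simulateReturn(sameSite, rm));
}
```

In the model, only the None case gives up the cross-site POST protection that Lax provides; the rm=1 case keeps the session without changing the cookie.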