skip to Main Content

Problem:
When my magento2.3 application redirects user to payment gateway, i can access all the session data. but when it returns backs from there it do not have checkout session data or any session data. this happens only for google chrome

Things i already explored
From google chrome release notes (https://www.chromium.org/updates/same-site) i can see they have changed samesite default value to "Lax", and disabling this works.

Solution Looking for
I want to give samesite=None value to all my outgoing requests to any third party services. Any help or lead would be highly appreciated.

2

Answers


  1. You can try setting the samesite=None by following steps..

    file : etc/frontend/di.xml

    <?xml version="1.0"?>
    <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
        <type name="MagentoFrameworkViewElementJsCookie">
            <plugin name="afterGetPath" type="namespacemodulePluginViewElementJsManagePath" sortOrder="10"/>
        </type>
    </config>
    

    file : Plugin/View/Element/Js/ManagePath.php

    namespace namespacemodulePluginViewElementJs;
    
    use MagentoFrameworkViewElementJsCookie;
    
    class ManagePath
    {
        public function afterGetPath(MagentoFrameworkViewElementJsCookie $subject, $path)
        {
            
            if (preg_match('/SameSite/', $path)) {
                 $path_array = explode(';', $path);
                 $path = $path_array[0];
            }
            
            return $path;
        }
    }
    

    file : etc/di.xml

    <?xml version="1.0"?>
    <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
        <preference for="MagentoFrameworkSessionConfigConfigInterface" type="namespacemoduleSessionCustomConfig"/>
    </config>
    
    

    file : Session/CustomConfig.php

    
    namespace namespacemoduleSession;
    
    use MagentoFrameworkSessionConfig as DefaultConfig;
    
    class CustomConfig extends DefaultConfig
    {
        public function setCookiePath($path, $default = null)
        {   
            parent::setCookiePath($path, $default);
    
            $path = $this->getCookiePath();
    
            //check and update path of cookie
            if (!preg_match('/SameSite/', $path)) {
                $path .= '; SameSite=None';
                $this->setOption('session.cookie_path', $path);
            }
    
            return $this;
        }
    }
    
    

    NOTE : replace namespace & module with your namespace and module.

    Login or Signup to reply.
  2. Since I don’t have enough reputation to comment on the accepted answer, I must point out that for me it didn’t work since Chrome asked that all cookies with SameSite set to "none" to be flagged as secure.
    The fix was adding:

    $path .= '; SameSite=None ; secure';
    

    Without flagging them as secure I would have problems adding items to cart.

    Worked for me, hope it helps others that encounter same issue.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search