
I deployed my Laravel app to shared hosting (cPanel). For paying, the user is first redirected to a bank account and then redirected to my page. During this procedure, the user gets logged out!

For protecting my routes I use the auth middleware, and for the session driver I use the default session driver, which is file. Also, the permission for framework/sessions is 777.

This is the code which redirects to the bank page:

            $go = "https://thebank/example";
            redirect()->to($go)->send();

And after a successful payment, the bank redirects to a route that I specified for verifying the payment.

    Route::get('/payment/callBack' , 'PaymentController@VerifyData')->middleware('auth');

The route utilizes the auth middleware. However, most of the time the user is not logged in and is automatically redirected to the login page. I noticed that if I don’t use the auth middleware and the user refreshes the page, the user logs in automatically. This is not something that usually happens with Laravel. I also tried the cookie driver for sessions, and it didn’t work and caused more problems.

I also didn’t gain any success in storing user_id and cart_id in the default PHP $_SESSION. All sessions seem to be cleared when the user redirects back from the bank page.

How can I fix the problem?

5 Answers


  1. Chosen as BEST ANSWER

    It is one of my very old questions that I figured out myself but forgot to share the solution. However, since I see this page is still active, I decided to share my solution.

    My problem actually was the protocol of the redirect URL. My mistake was that I set the redirect URL of '/payment/callBack' to http, while my website was https. The sessions for https and http are different, so a user logged in on https cannot be logged in on http. My solution was first to correct the callback URL to the https version, and to set the nginx config to redirect all http to https.


  2. The same_site setting is changed in the default Laravel installation; make sure you change same_site to null in
    config/session.php, or the callback won’t include cookies and you will be logged out when a payment is completed. So inside your config/session.php, update:

    return [
      ...
      ...
      'same_site' => null,
      ...
      ...
    ];
    
  3. I solved this issue by adding an API route for the callback. Inside the controller you can redirect or return a view.

  4. The new versions of the browsers might be logging you out because of the new cookie policy.

    References
    https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

    Whenever the cookie is required to be sent to the server, the browser checks the SameSite attribute to decide whether the cookie is sent to the server or blocked. For user actions, it is sent to the server, but for auto-redirects, it isn’t if SameSite is set to ‘Strict’ or ‘Lax’ (Lax is going to be the default value now).

    Solution:
    The cookie attribute SameSite can be set to ‘None’ along with setting the ‘Secure’ attribute to ‘true’. Setting the ‘Secure’ attribute to ‘true’ would require your site to run on https. Sites running with the http:// protocol will not be able to set a ‘Secure’ cookie.
    Please set the ‘HttpOnly’ attribute to ‘true’ to make it accessible for http requests to the server only.

    In PHP, it can be achieved as below:
    session_set_cookie_params(0, '/PATH/; SameSite=None', <COOKIE_DOMAIN>, true, true);

  5. I have this configuration, but it is not working.

    'secure' => env('SESSION_SECURE_COOKIE', false),
    'same_site' => null,
    

    If I set this:

    'same_site' => "none"
    

    Then it works.

    Solution for Laravel 8:

    In config/session.php
    
    'secure' => true, 
    'same_site' => 'none'
    

    Ref https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
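
The answers above turn on two browser rules: the cookie's `Secure` flag versus the scheme of the callback URL, and its `SameSite` value versus how the bank returns the user (GET redirect or form POST). The following is an added example, not code from the question or any answer, that models those rules for a cross-site top-level navigation; the scenario values are constructed, and treating an unset `SameSite` as `Lax` is an assumption that matches browsers which default to Lax.

```javascript
// Simplified model of when a browser attaches a session cookie to a
// top-level navigation such as the bank's return to /payment/callBack.
// Assumptions: an unset SameSite is treated as Lax; Chrome's short-lived
// "Lax + POST" allowance for freshly set cookies is ignored.
function effectiveSameSite(cookie) {
  return (cookie.sameSite || 'lax').toLowerCase();
}

function cookieAccepted(cookie) {
  // Browsers reject SameSite=None unless the cookie is also Secure.
  return !(effectiveSameSite(cookie) === 'none' && !cookie.secure);
}

function cookieSent(cookie, request) {
  if (!cookieAccepted(cookie)) return false;
  // A Secure cookie never travels over plain http.
  if (cookie.secure && request.scheme !== 'https') return false;
  if (!request.crossSite) return true;
  switch (effectiveSameSite(cookie)) {
    case 'none': return true;
    case 'lax': return request.method === 'GET'; // safe top-level navigation only
    default: return false; // strict
  }
}

// Constructed scenarios: the callback request as triggered from the bank's page.
const cb = (scheme, method) => ({ scheme, method, crossSite: true });
const scenarios = [
  ['lax, secure, https GET callback', { sameSite: 'lax', secure: true }, cb('https', 'GET')],
  ['lax, secure, http GET callback', { sameSite: 'lax', secure: true }, cb('http', 'GET')],
  ['lax, secure, https POST callback', { sameSite: 'lax', secure: true }, cb('https', 'POST')],
  ['unset, not secure, https GET callback', { sameSite: null, secure: false }, cb('https', 'GET')],
  ['none, not secure, https POST callback', { sameSite: 'none', secure: false }, cb('https', 'POST')],
  ['none, secure, https POST callback', { sameSite: 'none', secure: true }, cb('https', 'POST')],
  ['strict, secure, https GET callback', { sameSite: 'strict', secure: true }, cb('https', 'GET')],
];

function evaluate() {
  return scenarios.map(([name, cookie, request]) => ({ name, sent: cookieSent(cookie, request) }));
}

for (const { name, sent } of evaluate()) {
  console.log(`${sent ? 'sent   ' : 'dropped'}  ${name}`);
}
```

`SameSite=None` also makes the session cookie ride along on every cross-site request, so routes that change state need to keep their CSRF token checks.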
