The persistent session issue the application is facing after the recent browser updates (e.g., Google Chrome v84 onwards).
When the application is browsed using an incompatible browser version, the application cannot have a persistent session across a transaction that happens through the payment gateway. Due to this, the user gets logged out automatically after the user is redirected back from the payment gateway. Thus the user is not recognized as the client who initiated the payment.
This problem mostly happens with Chrome 80+; all other browsers work fine (Firefox, Safari, Edge, mobile browsers like Samsung Internet, etc.). Older versions of Chrome also work fine (<=79).
How can this be fixed?
2 Answers
To fix the above issue, the following cookie modification header should be configured in the app/proxy server in the application vhost (e.g., Apache vhost).
After applying the above configuration, the server should be restarted.
Note that if the app/proxy server is different from Apache (e.g., nginx), the above configuration should be changed accordingly.
If the above configuration is successful, the following change is noticed in the browser developer tools under Cookies (e.g., Firebug):
The values of HttpOnly & Secure should be true, and the value of SameSite should be none.
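The Apache vhost directive the answer refers to is not shown above. As an added example (not the answer's own configuration), this is the mod_headers rule that adds the three cookie attributes; the hostname and certificate paths are placeholders, and the rule is applied to both header tables because a backend's Set-Cookie may sit in either one:

```apache
# Added example: requires mod_headers (a2enmod headers on Debian/Ubuntu).
<VirtualHost *:443>
    ServerName shop.example.com                            # placeholder hostname
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/placeholder.crt   # placeholder path
    SSLCertificateKeyFile /etc/ssl/private/placeholder.key # placeholder path

    # Weak form: SameSite=None without Secure. Chrome 80+ rejects such a
    # cookie outright, so the session is still lost on the redirect back
    # from the payment gateway.
    # Header edit Set-Cookie ^(.*)$ "$1; SameSite=None"

    # Correct form: every Set-Cookie leaving the server carries SameSite=None,
    # Secure and HttpOnly. Each regex matches only when the attribute is not
    # already present, so an explicit value set by the application is kept
    # and nothing is appended twice.
    # "onsuccess" (the default) edits headers on 2xx responses, "always"
    # edits the table used for non-2xx responses such as the 302 back to
    # the app; a header lives in only one table, so both lines are needed
    # and neither double-applies.
    Header        edit Set-Cookie "(?i)^((?:(?!;\s*SameSite=).)*)$"  "$1; SameSite=None"
    Header always edit Set-Cookie "(?i)^((?:(?!;\s*SameSite=).)*)$"  "$1; SameSite=None"
    Header        edit Set-Cookie "(?i)^((?:(?!;\s*Secure\b).)*)$"   "$1; Secure"
    Header always edit Set-Cookie "(?i)^((?:(?!;\s*Secure\b).)*)$"   "$1; Secure"
    Header        edit Set-Cookie "(?i)^((?:(?!;\s*HttpOnly\b).)*)$" "$1; HttpOnly"
    Header always edit Set-Cookie "(?i)^((?:(?!;\s*HttpOnly\b).)*)$" "$1; HttpOnly"
</VirtualHost>
```

After the restart, confirm with `curl -s -D - -o /dev/null https://shop.example.com/login | grep -i set-cookie` that each cookie carries all three attributes. SameSite=None turns cross-site delivery of the session cookie back on, so the application's own CSRF protection on state-changing requests must stay in place.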
Google Chrome doesn't delete the session cookie; it just does not set it on a POST request from a 3rd-party domain. So you can create an interface page for returning from the payment site and save the posted contents in the session, then redirect the user to the main payment confirmation page. Also, you can repost the data to the confirmation page without saving them, using an HTML form. Please note that you shouldn't check whether the user is logged in, or any cookie, on the interface page.