We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

My website generates new session file after redirect from payment gateway page?

Hi there,

My company website is using Phalcon 3.4.5 to develop.

I have a payment page, when customer click Place order, it goes to another payment gateway website and comes back after done. The payment website will post a result form to my result page that I provide URL before.

When the payment website send a post back to my website. Phalcon regenerates new session file which is empty and all order, login sessions are gone. In this new session file, I do another payment again and this time NO session file is generated.

I tried to use method setId() to get old session before go to payment website but the issues still happens.

public function paymentresultAction(){
        $msgPrefix = "PAYMENT RESULT: ";
        $ssId = $this->request->getQuery("ssID");
        $this->session->setId($ssId);
        $this->session->start();
        logger($msgPrefix."SESSION ID= ".$ssId, 0);
        logger($msgPrefix."LOGIN SESSION = ".$this->session->has('ss-user-login'), 0);

Does anyone have ideas for that?

Thank for any suggestion.

edited Aug '20

This is maybe because the page is closed when the user is redirected to the payement and you didn't set a value for gc_maxlifetime and cookie_lifetime from the php.ini, the default value is to clear sessions on close.

ini_set("session.gc_maxlifetime", $config->session_lifetime);
ini_set("session.cookie_lifetime", $config->session_lifetime);

Thank you for your reply, I will try it and tell you result.

This is maybe because the page is closed when the user is redirected to the payement and you didn't set a value for gc_maxlifetime and cookie_lifetime from the php.ini, the default value is to clear sessions on close.

ini_set("session.gc_maxlifetime", $config->session_lifetime);
ini_set("session.cookie_lifetime", $config->session_lifetime);

I tried to check those two config. Here what I got:

[[email protected] logs]# php -i | grep session.gc_maxlifetime
session.gc_maxlifetime => 1440 => 1440
[[email protected] logs]# php -i | grep session.cookie_lifetime
session.cookie_lifetime => 0 => 0

They seem to be set by default value. My error still hapends.

This is maybe because the page is closed when the user is redirected to the payement and you didn't set a value for gc_maxlifetime and cookie_lifetime from the php.ini, the default value is to clear sessions on close.

ini_set("session.gc_maxlifetime", $config->session_lifetime);
ini_set("session.cookie_lifetime", $config->session_lifetime);

I tried, the issue is still there.

More information: This issue only happens on Chrome.

So try to set 1440 for session.cookie_lifetime
https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime