We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

session lose on bank redirect

hi . i have a website that users can buy stuff . for the payment users redirects to the bank site -> do the payment -> get back to the site .

lately after users get back to the , they lose theirs previous session and had to login again ! im guessing this related to google chrome cookie policy after version +84 .

I'm using phalcon 3.4 and the cookies dont have setOptions function to use the sameSite=None the set function don't get the sameSite option tho .

public function set($name, $value = null, $expire = 0, $path = '/', $secure = null, $domain = null, $httpOnly = null)

and sessions don't have a setting to use the PHPSESSID with the sameSite=None

what should i do ? thanks.

Update : My Current PHP Version : 7.2 , Apache 2.4



78
edited Nov '20

avoid tracking by cookies and the session data is lost as soon as the user leaves the site.

I had a similar problem with an OAuth backend I made and that was pretty much what my assumption was as only Safari users were seeing it. I do not have any Apple devices so I did not have a way to verify it KrogerFeed

You could always take the token, look up the user who it belongs to and re log them in manually. Depending on how much you trust that token.