session lose on bank redirect

Question

session lose on bank redirect

Hamid Oct '20

Created Oct '20	Last Reply Nov '20	Replies 2	Views 102	Votes 0

Hamid 1.2k

Oct '20

hi . i have a website that users can buy stuff . for the payment users redirects to the bank site -> do the payment -> get back to the site .

lately after users get back to the , they lose theirs previous session and had to login again ! im guessing this related to google chrome cookie policy after version +84 .

I'm using phalcon 3.4 and the cookies dont have setOptions function to use the sameSite=None the set function don't get the sameSite option tho .

public function set($name, $value = null, $expire = 0, $path = '/', $secure = null, $domain = null, $httpOnly = null)

and sessions don't have a setting to use the PHPSESSID with the sameSite=None

what should i do ? thanks.

Update : My Current PHP Version : 7.2 , Apache 2.4

talal424 · Answer 1 · 2020-11-03T14:45:37-07:00

talal424
8.4k

Nov '20

you may want to check this out https://stackoverflow.com/a/37049629/2640796

Jareni · Answer 2 · 2020-11-29T23:16:07-07:00

avoid tracking by cookies and the session data is lost as soon as the user leaves the site.

I had a similar problem with an OAuth backend I made and that was pretty much what my assumption was as only Safari users were seeing it. I do not have any Apple devices so I did not have a way to verify it KrogerFeed

You could always take the token, look up the user who it belongs to and re log them in manually. Depending on how much you trust that token.