Omnipay - Session is cleared on order payment confirmation

Help for integrating the Laravel package
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
kdim95
Advanced
Posts: 213
Joined: 26 Aug 2022, 12:17

Omnipay - Session is cleared on order payment confirmation

Post by kdim95 » 23 Mar 2023, 09:23

Laravel framework version: 9.52.4
Aimeos Laravel version: ~2022.10
PHP Version: 8.2.4
Environment: Linux

Hello,

I am working with Omipay to implement a new payment method.

When the payment is complete the payment processor redirects back to the Aimeos website with a POST request, which contains Form Data with the related information about the payment.

The problem is that the redirection itself clears my session, I get logged out and get greeted by a "419 PAGE EXPIRED" error and I can't continue.

What is the proper way to handle this issue and implement a secure solution so the session isn't lost?

User avatar
aimeos
Administrator
Posts: 8238
Joined: 01 Jan 1970, 00:00

Re: Omnipay - Session is cleared on order payment confirmation

Post by aimeos » 27 Mar 2023, 16:56

Most likely, the browser doesn't send the session cookie to your site after redirecting from the payment gateway.
Try to set the Same-Site Cookie policy to "none" in config/session.php:

Code: Select all

'same_site' => "none",
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

kdim95
Advanced
Posts: 213
Joined: 26 Aug 2022, 12:17

Re: Omnipay - Session is cleared on order payment confirmation

Post by kdim95 » 28 Mar 2023, 09:08

Is it secure to make this change in Aimeos?

I tried changing it to "none" and logging in does not work now.

User avatar
aimeos
Administrator
Posts: 8238
Joined: 01 Jan 1970, 00:00

Re: Omnipay - Session is cleared on order payment confirmation

Post by aimeos » 28 Mar 2023, 12:03

Then, it most be something else. Neverthless, you should check if the Laravel session cookie is sent to your server after the redirect from the payment provider.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

kdim95
Advanced
Posts: 213
Joined: 26 Aug 2022, 12:17

Re: Omnipay - Session is cleared on order payment confirmation

Post by kdim95 » 29 Mar 2023, 14:04

The cookie is not being sent.

I have created a callback route where I have turned off CSRF verification, where I will verify the data manually via the payment processor's Omnipay gateway's, it includes verification of certificate and signing with that certificate coming from the payment processor.

After verifying the signature, order ID and status, it will change the order status, log the user back in and redirect to the completed order page.

Post Reply