Check your session configuration in the config.session.php file
Session getting destroyed after Payment gateway redirecting to success callback url.
Laravel Session getting destroyed after Payment gateway redirecting to success callback url.
Any idea of resolving this issue?
@ajithlal here is my configurations
'driver' => env('SESSION_DRIVER', 'file'),
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => env('SESSION_LIFETIME', 30),
'expire_on_close' => true,
/*
|--------------------------------------------------------------------------
| Session Encryption
|--------------------------------------------------------------------------
|
| This option allows you to easily specify that all of your session data
| should be encrypted before it is stored. All encryption will be run
| automatically by Laravel and you can use the Session like normal.
|
*/
'encrypt' => false,
The problem is only when the payment gateway redirects back to the success callback URL: the session is destroyed automatically.
make 'expire_on_close' => false, and increment the session lifetime and try
I did that too. but still the same.
I think it might be this case, as mentioned on Stack Overflow
When you use sessions, a SESSION_ID (or similar) cookie is sent to the browser to know what session is associated with each request.
Your processPayment method is called after a request from a user (it's certainly your js script that issues the request but it's the same), and you store data in the session linked to this particular user.
After PayPal finished its job, it does a request to a callback URL. This request is done by PayPal but not by your user you stored the data for. PayPal has no idea of the session cookie, so Laravel starts a new empty session.
here is the link https://stackoverflow.com/questions/55027854/laravel-5-session-disappearing-after-redirection
but I really don't know how to fix it
Maybe you can store the value to the DB before requesting payment to PayPal and update the payment status and other fields that can be filled after successful payment. If the payment fails then you can delete the current entry from the DB or keep the entry with payment_status=failed for future reference.
I hope this will help you
Yeah I can do that but the problem is that it destroys the session and also logs the user out which is not normal.
OK I figured out the problem for myself.
In the config/session.php file I changed the configuration from 'same_site' => "strict", to 'same_site' => "lax",
Laravel 7 Changes
Our package is compatible with Laravel 7 but same_site setting is changed in
default Laravel installation, make sure you change same_site to null in
config/session.php or callback won't include cookies and you will be logged
out when a payment is completed. So inside your config/session.php update
return [
...
...
'same_site' => null,
...
...
];
Your solution worked for me. lax was already there. When I changed that to null it worked!
The callback will almost always be from the server at the payment provider. Therefore the session will NEVER relate to the user processing the transaction.
The new versions of the browsers might be logging you out because of the new cookie policy.
References https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Whenever the cookie is required to be sent to the server, the browser checks the SameSite attribute to decide whether the cookie is to be sent to the server or blocked. For user actions, it is sent to the server but for auto-redirects, it isn't if SameSite is set to 'Strict' or 'Lax' (Lax is going to be the default value now).
Solution: The cookie attribute SameSite can be set to 'None' along with specifying the 'Secure' attribute to 'true'. Setting 'Secure' attribute to 'true' would require your site to run on https. Sites running with http:// protocol will not be able to set 'Secure' cookie. Please set the 'HttpOnly' attribute to 'true' for making it accessible for http requests to the server only.
In PHP, it can be achieved as below
session_set_cookie_params(0, '/PATH/; SameSite=None', <COOKIE_DOMAIN>, true, true);
@ankitj this is irrelevant for a callback / webhook since the payment provider will never receive the user's authentication cookie
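An added example, not part of the thread or of any package mentioned in it: a simplified JavaScript model of the browser's SameSite decision, covering the cases the replies above describe (a gateway returning the user by GET or by POST, and a server-to-server webhook). The site names and request fields are constructed, and the cookie is assumed to carry an explicit SameSite value.

```javascript
// Simplified model of a browser's SameSite check (added illustration).
// Assumptions: sites are given already reduced to scheme + registrable
// domain, and the cookie carries an explicit SameSite value.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// req: { fromBrowser, initiatorSite, targetSite, topLevel, method }
function cookieIsSent(cookie, req) {
  // A server-to-server webhook never passes through the user's browser,
  // so the user's session cookie is absent whatever its attributes.
  if (!req.fromBrowser) return false;
  const mode = cookie.sameSite.toLowerCase();
  // Per the policy referenced in the thread, None must be paired with Secure.
  if (mode === "none" && !cookie.secure) return false;
  // Secure cookies only travel over https.
  if (cookie.secure && !req.targetSite.startsWith("https://")) return false;
  if (req.initiatorSite === req.targetSite) return true; // same-site request
  if (mode === "none") return true;
  if (mode === "lax") {
    // Cross-site: only top-level navigations with a safe method.
    return req.topLevel && SAFE_METHODS.has(req.method.toUpperCase());
  }
  return false; // strict: never on a cross-site request
}

// Constructed sample requests arriving at the shop.
const SHOP = "https://shop.example";
const GATEWAY = "https://gateway.example";
const REQUESTS = {
  ownCheckoutPost: { fromBrowser: true, initiatorSite: SHOP, targetSite: SHOP, topLevel: true, method: "POST" },
  gatewayReturnGet: { fromBrowser: true, initiatorSite: GATEWAY, targetSite: SHOP, topLevel: true, method: "GET" },
  gatewayReturnPost: { fromBrowser: true, initiatorSite: GATEWAY, targetSite: SHOP, topLevel: true, method: "POST" },
  gatewayWebhook: { fromBrowser: false, initiatorSite: GATEWAY, targetSite: SHOP, topLevel: false, method: "POST" },
};

// For one SameSite setting, report which requests carry the session cookie.
function sessionSurvives(sameSite, secure = true) {
  const out = {};
  for (const [name, req] of Object.entries(REQUESTS)) {
    out[name] = cookieIsSent({ sameSite, secure }, req);
  }
  return out;
}

for (const mode of ["strict", "lax", "none"]) {
  console.log(mode, sessionSurvives(mode));
}
```

With SameSite=None the cookie also accompanies every other cross-site request to the application, so its CSRF token checks have to hold on their own.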