Why does my host automatically add the Secure flag to a cookie? - php

I wrote a program that sets a cookie. It works well over HTTP, but when I use HTTPS, the Secure flag is automatically added to the cookie header.
set-cookie: val=is; expires=Sun, 16-Feb-2025 07:26:50 GMT; Max-Age=90000; path=/; secure
My code is:
<?php
header('Set-Cookie: val=is; expires=Sun, 16-Feb-2025 07:26:50 GMT; Max-Age=90000; path=/');
What makes this happen?
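Anything in front of PHP (the web server, a reverse proxy, a CDN) can rewrite a Set-Cookie header, so the useful check is to compare what PHP itself emitted with what the client received. The following is an added example, not code from the question: it sets the same cookie through setcookie() with every attribute spelled out and logs PHP's own header list, so that list can be compared with the header seen by the browser or by curl. The HTTPS detection and the HttpOnly/SameSite choices are assumptions for the example.

```php
<?php
// Added example (not from the question). Emits the cookie with explicit attributes
// and records exactly what PHP hands to the web server. Compare the logged line with
// what the browser or `curl -sI https://host/` receives: any attribute present on the
// client side but absent here was added by a layer in front of PHP.
declare(strict_types=1);

// Assumption: X-Forwarded-Proto is only trusted because a proxy we control sets it.
$onHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https');

setcookie('val', 'is', [
    'expires'  => time() + 90000,   // same lifetime as the Max-Age in the question
    'path'     => '/',
    'secure'   => $onHttps,         // Secure whenever the cookie is issued over TLS
    'httponly' => true,             // assumption: client-side script does not read it
    'samesite' => 'Lax',
]);

// What PHP emitted, before any proxy touches the response.
foreach (headers_list() as $header) {
    if (stripos($header, 'Set-Cookie:') === 0) {
        error_log('PHP emitted: ' . $header);
    }
}
echo "cookie sent\n";
```

If the logged header already carries `secure`, PHP (or a `session.cookie_secure`/`ini_set` style setting) is responsible; if it does not, the flag is being added downstream.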

Related

Set-Cookie header is getting blocked on React app running locally from Laravel app running on a different domain

I have a Laravel app deployed on Vapor (AWS Lambda). I am trying to send an API request to it from a React app running locally.
Below are the set-cookie headers from the API response.
XSRF-TOKEN=eyJpdiI6IlVSZGJrT2duOEo4dzFkaHNsb1pIS3c9PSIsInZhbHVlIjoiaXdlQmo2QmtsVjByUnFkREt1UE5XYWIvQTc1b3pVZlFLL09rWDhEY1FIL3JiYUg1Z2lBZUdQeVp1MEhyay80RG00SHJZNytSN1paZ0VKNjBBSzQxOEF6Y2tGSGF5SHZpa3QrbkVQWjErKzMzeXFJaUwrUTBqVi9iTklaRnBROXQiLCJtYWMiOiIzNTgxOGFiZGRkZTRlYTE5MzY1MDY4Y2UzMzA5YzdkYzk5NWUxMzdjMDdkMTY4NDI5YmFiNGQ4NTg4NGIzNTQxIiwidGFnIjoiIn0=; expires=Fri, 17-Sep-2021 16:00:35 GMT; Max-Age=7200; path=/; domain=localhost; samesite=lax
hylo_session=eyJpdiI6InEzK0Q3aytCWGM2T1dVSFdTSy80L2c9PSIsInZhbHVlIjoiYUpwd2tKV09GbTMrc2Z1WUdoM0hSc1V4TGFDQjR4elNxeFJudGpMMWM0M2kyUzZlY3JnNzRRc3BvRWk0S1J2S1RwOFRrSndzcFI2Vjh0c1Ewd1JiM1E5bHhXRDBkbnlLRlI4czdqTUsrRXViZXRHcUV2NklOekQvYk5iSWpraUQiLCJtYWMiOiI1OGExZGFiNzdkNzVlY2U3MjFkZGJjMTNjYTE3ZmVhYWQ4MjM5NzZkMDkxNWRkZDQ2Mjk4YTlhYTYzMTdlOGQ0IiwidGFnIjoiIn0=; expires=Fri, 17-Sep-2021 16:00:35 GMT; Max-Age=7200; path=/; domain=localhost; httponly; samesite=lax
Somehow the cookie is blocked. I am getting the following warning in the Network Tab:
The attempt to set cookie via set-cookie is blocked because its domain attribute is invalid with regards to the current host URL.
I am using Laravel Sanctum for auth. Following are my env settings related to the session:
SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:3000
CORS_ALLOWED_ORIGINS=http://localhost:3000
I even tried setting the same_site value to none in session.php, but it is still sending samesite as lax.
Any clue how to get this working?
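The browser warning quoted above is the result of the domain-matching test a user agent applies to a Domain attribute against the host that sent the response (RFC 6265, section 5.1.3). As an added example that is not part of the question, the function below reimplements that test in plain PHP and runs it over a few constructed host/Domain pairs, including a `localhost` Domain attribute on a response from a remote API host (a placeholder name is used for the Vapor host). Browsers layer further checks on top, such as the public suffix list, so this is the necessary condition, not the whole rule.

```php
<?php
declare(strict_types=1);

/**
 * RFC 6265 section 5.1.3 domain matching: the check a browser applies to a
 * Set-Cookie Domain attribute against the host that sent the response.
 * (Added example, not Laravel, Sanctum or browser code.)
 */
function cookieDomainMatches(string $requestHost, string $domainAttr): bool
{
    $host   = strtolower(rtrim($requestHost, '.'));
    $domain = strtolower(ltrim($domainAttr, '.'));   // a leading dot is ignored (section 5.2.3)

    if ($domain === '') {
        return false;                                // empty Domain attribute is rejected
    }
    if ($host === $domain) {
        return true;                                 // exact match
    }
    // Otherwise the host must end with ".domain" and must not be an IP address.
    $suffix = '.' . $domain;
    return !filter_var($host, FILTER_VALIDATE_IP)
        && strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

// Constructed inputs; api.example-vapor.test stands in for the real Vapor host.
$cases = [
    ['api.example-vapor.test', 'localhost'],     // what the response in the question does
    ['localhost',              'localhost'],
    ['api.example.com',        '.example.com'],
    ['api.example.com',        'other.com'],
    ['127.0.0.1',              '0.0.1'],         // IP hosts never suffix-match
];
foreach ($cases as [$host, $domain]) {
    printf("%-25s Domain=%-13s %s\n", $host, $domain,
        cookieDomainMatches($host, $domain) ? 'accepted' : 'rejected');
}
```

Two caveats a practitioner would check alongside this: a cookie with no Domain attribute is a host-only cookie for the responding host and never fails this test, and a cookie that must be sent on a cross-site request (a page on one site calling an API on another) has to carry `SameSite=None` together with `Secure`, since `SameSite=Lax` cookies are not attached to cross-site XHR/fetch requests.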

Paypal Adaptive / Chained Payments Workflow

First of all, I'm kind of new to PayPal Adaptive Payments; until now I have only used the REST API.
I have problems understanding the complete flow of the application when implementing adaptive payments.
With the REST API I navigate the user to the PayPal page where he pays and gets redirected to my page, where I can react to the result.
Using Adaptive Payments, the user does not get redirected directly after the payment. Therefore I cannot guarantee he will open the given redirect page.
It seems like IPN is the solution for this, however I'm not sure how to implement it correctly.
I used an example I found and logged the result, which gives the following log entry. I have problems interpreting the result. It was generated using the IPN simulator.
[2016-05-02 20:17 UTC] HTTP request of validation request:POST /cgi-bin/webscr HTTP/1.1
Host: www.sandbox.paypal.com
Accept: */*
Connection: Close
Content-Length: 943
Content-Type: application/x-www-form-urlencoded
for IPN payload: cmd=_notify-validate&payment_type=instant&payment_date=Mon+May+02+2016+22%3A17%3A33+GMT%2B0200+%28Mitteleurop%C3%A4ische+Sommerzeit%29&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer%40paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John+Smith&address_country=United+States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San+Jose&address_street=123+any+street&business=seller%40paypalsandbox.com&receiver_email=seller%40paypalsandbox.com&receiver_id=seller%40paypalsandbox.com&residence_country=US&item_name1=something&item_number1=AK-1234&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=12.34&mc_handling=2.06&mc_handling1=1.67&mc_shipping=3.02&mc_shipping1=1.02&txn_type=cart&txn_id=250343399&notify_version=2.1&custom=xyz123&invoice=abc1234&test_ipn=1&verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AIR-7FrBuOZZqJMDr8d5DxEI9rpG
[2016-05-02 20:17 UTC] HTTP response of validation request: HTTP/1.1 200 OK
Date: Mon, 02 May 2016 20:17:42 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO=vKsQ6Wsa8-CKaGYKLQkEziH8epLey-sigvcn6CGIx_BbN7f2lkSe4OGhXkrOoD98VscO4s-IeGzIJCQSjGbkN5Zy8ggokZMUzKgmU3DXPZQ12IS1gqWwws-ZbEZwuGYp75eS0cS94sdZ7NduMDdd-wj9neb47z6x3sZOBs76MeZAu3aVS0hQFhfLWtTs5kGfVtFWpDMlA-h6xzEk1jTOteInNMwwvIKfcctwTP0lq7HdBsSpBOxgGkj5aGqanty9RiMlioT_7_3I93WK2S1pTJuN5HIIuS4Ci3HuXUkgin6ian6oEhLnCPodUjWa_VIVmAUkxmVcrb1AOxLDa0lBYfV5b7vnHTHWkxtct-r7YQKX6un7_RyfeOrlSODOK-1FPcaQl6R5W7bQEuvm98K4kECj_EkvIFeUcjZWQ7wUx5Lc-Sja3yZDfFrWSvS; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Thu, 30-Apr-2026 20:17:42 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Wed, 02-May-2018 20:17:42 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.72.108.11.1462220262202022; path=/; expires=Wed, 25-Apr-46 20:17:42 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
HTTP_X_PP_AZ_LOCATOR: sandbox.slc
Paypal-Debug-Id: ed99d0b22cb7d
Set-Cookie: X-PP-SILOVER=name%3DSANDBOX3.WEB.1%26silo_version%3D1880%26app%3Dappdispatcher%26TIME%3D3870631767%26HTTP_X_PP_AZ_LOCATOR%3Dsandbox.slc; Expires=Mon, 02 May 2016 20:47:42 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
Strict-Transport-Security: max-age=14400
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
INVALID
[2016-05-02 20:17 UTC] Invalid IPN: cmd=_notify-validate&payment_type=instant&payment_date=Mon+May+02+2016+22%3A17%3A33+GMT%2B0200+%28Mitteleurop%C3%A4ische+Sommerzeit%29&payment_status=Completed&address_status=confirmed&payer_status=verified&first_name=John&last_name=Smith&payer_email=buyer%40paypalsandbox.com&payer_id=TESTBUYERID01&address_name=John+Smith&address_country=United+States&address_country_code=US&address_zip=95131&address_state=CA&address_city=San+Jose&address_street=123+any+street&business=seller%40paypalsandbox.com&receiver_email=seller%40paypalsandbox.com&receiver_id=seller%40paypalsandbox.com&residence_country=US&item_name1=something&item_number1=AK-1234&tax=2.02&mc_currency=USD&mc_fee=0.44&mc_gross=12.34&mc_gross_1=12.34&mc_handling=2.06&mc_handling1=1.67&mc_shipping=3.02&mc_shipping1=1.02&txn_type=cart&txn_id=250343399&notify_version=2.1&custom=xyz123&invoice=abc1234&test_ipn=1&verify_sign=AFcWxV21C7fd0v3bYYYRCpSSRl31AIR-7FrBuOZZqJMDr8d5DxEI9rpG
Yes, the answer you are looking for is IPN. There are steps to implement the flow.
First, in your sandbox settings you should enable Instant Payment Notification and provide a URL for it. You can just enter a dummy link for now, because you can overwrite it with the actual call for the payment. Bear in mind that you should provide a real URL, because PayPal is unable to see your localhost.
Next, you should implement an IPN listener in your code. I think this should help you with it. I did it in C#, so I cannot provide you with the exact code. It is important for you to include some information about the payment in the payment call to PayPal, so you can receive it in the IPN and detect which payment you are receiving a notification for.
By the way, you can specify ReturnURL and CancelURL in the payment call to PayPal, so the user is automatically redirected to where you want after he has completed his payment.

Magento Frontend Cookie is being duplicated

When viewing the cookies on my Magento 1.7 site homepage, the "frontend" cookie is shown twice.
Examples of the cookies being produced:
frontend=stpvj4gep5c2h9qu4mhcdlru40;
expires=Wed, 04 Feb 2015 02:21:23 GMT;
path=/;
domain=.example.com.au; HttpOnly
frontend=stpvj4gep5c2h9qu4mhcdlru40;
path=/;
domain=example.com.au
How do you make it so that only one cookie is being produced?
You need to set a cookie domain in the Admin Panel. You can find the setting under System -> Configuration -> General / Web / Session Cookie Management: Cookie Domain.

Is it possible to get rid of laravel_session in Set-Cookie of a request?

I happened to notice that when I make a request to my API (written in the Laravel framework), there is a Set-Cookie header:
Set-Cookie: laravel_session=eyJpdiI6IlF5SDNLeGlRRTBFSlVJbXROSEZMWlE9PSIsInZhbHVlIjoiRlZXWVJrZERJN0tPRDU1TG40MGpJeURDQjRncUFYWGk4MjRBeFhMVHc3S2w5aW8yRFc1TCt4UWUzTEJnMTRpNkpYYkV6bnZ6Yk85RWF0MGIxaVhXYkE9PSIsIm1hYyI6ImRmNTc0MzRkZGM1ZDg0YWZkMWZjZThjOGI4Y2FlNTI2NjRhN2JjOGU0OTVkMWEwNTMwYTNlZmYxY2Y2ODNiMzkifQ%3D%3D; expires=Fri, 09-Jan-2015 20:49:47 GMT; Max-Age=7200; path=/; httponly
How can I get rid of it, or stop my Laravel API from using it? Is it possible to add a script into that laravel_session value?
Also, how do I stop my app from consuming the cookie set by the request?
You can disable session cookies for the whole application by changing the session driver to array
In app/config/session.php:
'driver' => 'array'
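The laravel_session value quoted in the question is not raw session data: it is base64 of a JSON envelope `{iv, value, mac}` in which `value` is the AES-CBC ciphertext and `mac` is an HMAC-SHA256 over the base64 iv and base64 ciphertext, keyed with the application key. The following is an added example, a stand-alone reimplementation of that envelope and not Laravel's own Encrypter (newer Laravel payloads add a `tag` field, as the cookies in the Sanctum question above show). It uses a constructed random key in place of APP_KEY, and shows why a script pasted into the value is simply rejected: the MAC no longer verifies.

```php
<?php
declare(strict_types=1);

// Added example (not Laravel's code): seal and open a {iv, value, mac} envelope of
// the shape Laravel stores in laravel_session. Key is a constructed stand-in for APP_KEY.

function sealCookie(string $plaintext, string $key): string
{
    $iv     = random_bytes(16);
    $cipher = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($cipher === false) {
        throw new RuntimeException('encryption failed');
    }
    $ivB64  = base64_encode($iv);
    $valB64 = base64_encode($cipher);
    $mac    = hash_hmac('sha256', $ivB64 . $valB64, $key);   // encrypt-then-MAC
    return base64_encode(json_encode(['iv' => $ivB64, 'value' => $valB64, 'mac' => $mac]));
}

/** Returns the plaintext, or null when the envelope is malformed or the MAC fails. */
function openCookie(string $envelope, string $key): ?string
{
    $json = base64_decode($envelope, true);
    $p    = $json === false ? null : json_decode($json, true);
    if (!is_array($p) || !isset($p['iv'], $p['value'], $p['mac'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $p['iv'] . $p['value'], $key);
    if (!hash_equals($expected, (string) $p['mac'])) {
        return null;                                   // reject before touching the ciphertext
    }
    $iv = base64_decode($p['iv'], true);
    $ct = base64_decode($p['value'], true);
    if ($iv === false || $ct === false || strlen($iv) !== 16) {
        return null;
    }
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

$key    = random_bytes(32);                            // constructed stand-in for APP_KEY
$sealed = sealCookie('session-id-123', $key);
var_dump(openCookie($sealed, $key));                   // string(14) "session-id-123"

// Tamper: swap the ciphertext for attacker-chosen bytes but keep the original MAC.
$p          = json_decode(base64_decode($sealed), true);
$p['value'] = base64_encode('<script>alert(1)</script>');
$tampered   = base64_encode(json_encode($p));
var_dump(openCookie($tampered, $key));                 // NULL: MAC mismatch, nothing is decrypted
```

The protection rests entirely on APP_KEY staying secret; anyone holding it can mint a valid envelope, which is the same reason the key must not be committed or shared between environments.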

Paypal IPN [Only Credit Card Transaction Failed]

I have this issue. When I pay with a PayPal account, everything is fine: it is paid successfully, the IPN hits back and updates my database. But when I pay with the credit card option, it is paid successfully at PayPal's end, but when I check my log file I get the following error and my database is not updated because of it. Here is the log file.
cmd=_notify-validate&mc_gross=20.00&protection_eligibility=Partially+Eligible+-+INR+Only&address_status=unconfirmed&payer_id=2MXXFD6AQ43BA&tax=0.00&address_street=test%0Atest&payment_date=18%3A48%3A29+May+27%2C+2011+PDT&payment_status=Pending&charset=windows-1252&address_zip=640533&first_name=test&address_country_code=SG&address_name=test+test&notify_version=3.1&custom=111%2C&payer_status=unverified&business=test_1303236553_biz%40gmail.com&address_country=Singapore&address_city=Singapore&quantity=1&verify_sign=An5ns1Kso7MWUdW4ErQKJJJ4qi4-AaEK7w348WQzfOfzLl3lrSKWYDOG&payer_email=knightrider%40gmail.com&txn_id=8H5315386S139944F&payment_type=instant&last_name=test&address_state=&receiver_email=test_1303236553_biz%40gmail.com&receiver_id=53B6G7SG6JKME&pending_reason=multi_currency&txn_type=web_accept&item_name=Item&mc_currency=SGD&item_number=&residence_country=SG&test_ipn=1&receipt_id=3969-1532-6232-5707&handling_amount=0.00&transaction_subject=111%2C&payment_gross=&shipping=0.00&ipn_track_id=smYslnsttVEUV7COBCKq5Q
ERROR - 2011-05-28 09:48:37 --> verify fail: HTTP/1.1 200 OK
Date: Sat, 28 May 2011 01:48:36 GMT
Server: Apache
Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO=Ye21176JM0INrH_mgX028q_y72FW1Bz126j4BoxaJRY2L6TRQAfy8NN4REbQ0zbB6qwT_dJNA1mK0kU0T0ygtxZITXeG-RFGQ7KTXslYfcnreEukYMJRfdlkHlya7vHr6rdvwW%7cteseN7TyBXzvckcwMjQeg4r6VElLIpc6dvi-MuvLWzZ05kb5xoQG-hlpVvhaqCWIjx_h00%7cyuYEQ40G78uE-mVRJmAymkg8-jr88yZUZqEtmBrsVuNlXmmsaX2r8Yn-xoUPDMvW5Y3qwW%7c1306547317; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Tue, 25-May-2021 01:48:37 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Fri, 23-May-2031 01:48:37 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.191.196.11.209281306547316396; path=/; expires=Thu, 13-Apr-05 19:20:20 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
INVALID
This needs some troubleshooting. Here is what I found upon googling the issue:
https://www.x.com/thread/40485
https://www.x.com/docs/DOC-1551
Please post back what you found, to help others.
From PayPal's site:
The payment is pending because it was made via credit card and you must upgrade your account to Business or Premier status in order to receive the funds. Upgrade can also mean that you have reached the monthly limit for transactions on your account.
So if you've set up your IPN to only look for "Completed" transactions,
you'll never get a hit,
so you should do two things:
1) change your PayPal account type
2) implement a "pending" routine in your listener
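Both IPN threads above come down to the same listener logic: post the raw notification back to PayPal with `cmd=_notify-validate` prepended, accept only a literal `VERIFIED` reply, and then apply the merchant-side checks (receiver, amount, currency, transaction id reuse) before acting on `payment_status`, with a separate branch for `Pending` rather than silently dropping it. The following is an added example of such a listener in plain PHP; it is not code from either question or from PayPal. The merchant e-mail, currency and order amount are placeholders, the post-back host is the sandbox host shown in the logs above (use the endpoint PayPal's current documentation names), and the offline demonstration at the bottom runs the business checks over two constructed payloads shortened from the logs, without touching the network.

```php
<?php
declare(strict_types=1);

/*
 * Added example IPN listener (not code from either question).
 * Placeholders: merchant e-mail, currency, order amount, post-back host.
 */
const PAYPAL_VALIDATE_URL = 'https://www.sandbox.paypal.com/cgi-bin/webscr';

/** Echo the raw body back to PayPal unchanged; re-encoding it breaks the handshake. */
function postBackToPaypal(string $rawBody): string
{
    $ch = curl_init(PAYPAL_VALIDATE_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_HTTPHEADER     => ['Connection: Close'],
    ]);
    $reply = curl_exec($ch);
    if ($reply === false) {
        throw new RuntimeException('post-back failed: ' . curl_error($ch));
    }
    return trim((string) $reply);   // literally VERIFIED or INVALID
}

/**
 * Checks that run only after a VERIFIED reply. Returns [outcome, detail] with
 * outcome completed | pending | reject | ignore. A Pending IPN (credit card review,
 * multi_currency, ...) is recorded but must not mark the order paid; PayPal sends a
 * later IPN with payment_status=Completed for the same txn_id.
 */
function classifyIpn(array $f, string $merchantEmail, string $currency, float $orderGross, array $seenTxnIds): array
{
    if (strcasecmp($f['receiver_email'] ?? '', $merchantEmail) !== 0) {
        return ['reject', 'receiver_email is not ours'];
    }
    if (($f['mc_currency'] ?? '') !== $currency
        || abs((float) ($f['mc_gross'] ?? 0) - $orderGross) > 0.005) {
        return ['reject', 'amount or currency does not match the order'];
    }
    $txn = $f['txn_id'] ?? '';
    if ($txn === '' || in_array($txn, $seenTxnIds, true)) {
        return ['reject', 'missing or replayed txn_id'];
    }
    switch ($f['payment_status'] ?? '') {
        case 'Completed': return ['completed', $txn];
        case 'Pending':   return ['pending', $f['pending_reason'] ?? 'unspecified'];
        default:          return ['ignore', $f['payment_status'] ?? 'no status'];
    }
}

if (PHP_SAPI !== 'cli') {
    // Real listener. Always answer 200, otherwise PayPal keeps retrying the notification.
    $raw = file_get_contents('php://input');
    parse_str($raw, $fields);
    $reply = postBackToPaypal($raw);
    if ($reply !== 'VERIFIED') {
        error_log("IPN not verified ($reply): $raw");
        http_response_code(200);
        exit;
    }
    // Placeholders: look these up from the order identified by $fields['custom'] or ['invoice'].
    [$outcome, $detail] = classifyIpn($fields, 'seller@paypalsandbox.com', 'USD', 12.34, []);
    error_log("IPN $outcome: $detail");
    http_response_code(200);
    exit;
}

// Offline demonstration over constructed payloads (shortened from the two logs above).
$pending   = 'mc_gross=20.00&payment_status=Pending&pending_reason=multi_currency'
           . '&receiver_email=test_1303236553_biz%40gmail.com&txn_id=8H5315386S139944F&mc_currency=SGD';
$completed = 'mc_gross=20.00&payment_status=Completed'
           . '&receiver_email=test_1303236553_biz%40gmail.com&txn_id=8H5315386S139944F&mc_currency=SGD';
$seen = [];
foreach ([$pending, $completed, $completed] as $body) {
    parse_str($body, $f);
    [$outcome, $detail] = classifyIpn($f, 'test_1303236553_biz@gmail.com', 'SGD', 20.00, $seen);
    if ($outcome === 'completed') {
        $seen[] = $detail;                           // remember processed txn_ids
    }
    echo "$outcome: $detail\n";                      // pending, then completed, then reject (replay)
}
```

The replay check is what stops a captured VERIFIED notification from being delivered twice, and the receiver/amount checks are what stop a VERIFIED notification for somebody else's payment (or a smaller one) from completing your order; PayPal's post-back only proves the message came from PayPal, not that it is the payment you were expecting.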
