Redirect to PayPal breaks sessions - php

I am running into an issue with a redirect and sessions.
The flow of the application is this:
Customer goes to site
Adds product to cart
Selects to checkout with PayPal
Is redirected to PayPal
Logs in to PayPal
Redirected back to site
Continues through billing/shipping pages
Confirms the order and submits
This is working in development without an issue.
When I go to the live server, the session keeps getting lost after the redirect to PayPal.
Any idea what it could be?
Extra Info:
I found that when I first go to the website, I have a session ID.
When I go through the checkout process and I am redirected to PayPal, then directed back to the return URL (back to the merchant website), the same session ID is in the cookie. So it looks like the session is not being restarted, but rather that the session data is just empty.

I had the same issue, and I found that it was a mistake in the domain name: before redirecting to PayPal the URL is
'http://www.example.com/paypal-redirect.php'
while at the time of return from PayPal the URL is
'http://example.com/paypal-return.php'
so here I missed www. It might be that, or http/https; just check that, hope it will help to resolve this issue.

Are you calling session_start() on the page that returns from Paypal?
That is usually the common mistake.
http://www.w3schools.com/php/php_sessions.asp

In php.ini, set
session.cookie_domain = ".yourdomain.com"
or, if you don't have access to it, change the domain parameter:
session_set_cookie_params($lifetime, '/', '.yourdomain.com', false); // $lifetime in seconds, 0 = until the browser closes
Note that you have to call it before session_start();
This would share the session over all subdomains including www.domain.com; this solved my problem. This has the advantage that we need not worry whether the user typed www.domain.com or simply domain.com to access the page. Hope this helps.

Related

SameSite=Lax blocks cookies from the same domain, saying it's a different domain

I have a page that redirects to an external URL, where a customer adds their data and is then returned back to my site. However, when the customer is returned, the session cookie is blocked by the browser, because "the request comes from a different site". This happens in Firefox (with SameSite=Lax) 100% of the time and "whenever it wants" in Chrome. I don't understand why this happens, how it sees that the site is different and what the site really is (there is no info in the Dev tools).
This blocking logs out the customer and I need them to be logged in.
Any help will be appreciated!
I did a workaround. I'm posting it here in case somebody has the same issue and the fix works for them. When the user is redirected to the other site I'm sending a session id in the return URL. Then, if the user is returned and is not logged in, I add the cookie with that id and refresh the page; this way the user is returned logged in.
I think what you want is: when the user comes back to your site, he no longer needs to log in. So in your back-end, just set the cookie's flag to Samesite = None; Secure. This will make the browser send cookies regardless of where he came from (the external domain).
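The cookie-domain answer above (session_set_cookie_params before session_start) and the SameSite answer just given are two settings on the same session cookie. As an added example, not code from any of the posts here, this bootstrap sets both in one place and, on the return page, separates the "cookie never came back" case from the "cookie came back but the data is empty" case described in the question; it assumes the shop is served on example.com and www.example.com and that every page includes it before any output.

```php
<?php
// Added example (not from any of the answers above): one bootstrap file that
// every page, including the PayPal return page, includes before any output.
// Assumes the shop answers on example.com and www.example.com over HTTPS.
declare(strict_types=1);

const SESSION_COOKIE_DOMAIN = '.example.com'; // leading dot: www and bare host share it
function start_checkout_session(string $sameSite = 'Lax'): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // an earlier include already started it
    }
    if (!in_array($sameSite, ['Lax', 'Strict', 'None'], true)) {
        throw new InvalidArgumentException("Unknown SameSite value: $sameSite");
    }
    // Lax keeps the cookie on the top-level GET that brings the customer back;
    // Strict drops it; None is only accepted by browsers together with Secure.
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $secure = $https || $sameSite === 'None';

    // Array form needs PHP 7.3+ and is the only way to set 'samesite' here.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => SESSION_COOKIE_DOMAIN,
        'secure'   => $secure,
        'httponly' => true,
        'samesite' => $sameSite,
    ]);
    session_start();
}

// For the return page: tell apart "cookie never came back" (scope/SameSite
// problem) from "cookie came back but the data is empty" (session handling).
function diagnose_return_session(): string
{
    $name = session_name();
    if (!isset($_COOKIE[$name])) {
        return "no $name cookie on the return request: check cookie domain "
             . "(www vs bare host), the Secure flag and SameSite";
    }
    if (empty($_SESSION)) {
        return "$name cookie present but \$_SESSION empty: session_start() "
             . "missing on an earlier page, or the id was regenerated";
    }
    return 'session restored';
}

start_checkout_session('Lax');
```

Log the result of diagnose_return_session() on the return page on the live server; the two messages point at different fixes (cookie attributes versus session handling).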

Will a user's PHP session persist if they navigate away from the site and back?

I'm creating a session variable in one PHP page and on that page I am redirecting to an online payment portal.
After payment, the user is redirected to a payment success page on my server. Will the session variable still be valid?
The above answers are true if you are storing sessions using cookies. If cookies are disabled then a PHP_SESSION parameter will be passed in the URL. For the returning user to be able to continue using the session, the payment gateway would need to redirect back with the same session hash.
As stated, if you are using the default PHP session settings then cookies should be in use and this would not be an issue. What about the users who may have cookies disabled? Your flow will break. Chances are slim and the number of users affected may be small.

Paypal REST API Return Page

I'm currently using the Paypal REST API to process billing agreements for users with multiple plans.
When a user signs up for a plan, it takes them to PayPal to pay. After they finish that step, PayPal redirects them to a return URL that I have supplied.
The problem is, sometimes the user's session does not persist when they return from PayPal!
I have session_start() as the first line in all of my files, so the sessions are being created. I have verified, before taking the user to PayPal, that the $_SESSION array is being populated - it's just when they are brought back after PayPal.
Is there a better way to persist data like that so I can update a user's account on return from PayPal? Or maybe there is a way to pass the email with the PayPal request so that it is returned in the object they send back to my website on return?
If you're properly starting the session via session_start() on both your sign-up page and the page that PayPal redirects back to, your session should be starting properly.
Assuming that you're not inadvertently closing the session, or regenerating the ID, it sounds like there isn't an actual "session management" issue, but perhaps it has to do with the URL that PayPal is redirecting back to.
A common issue with PHP sessions is that, with a default PHP config, they don't carry between subdomains.
For example, if I visit your domain at example.com, my session will only be active on example.com. If I then go to www.example.com, I will receive a new session.
You can verify this by going to your site at example.com or www.example.com and checking what domain the PHPSESSID cookie is set for. If it is not .example.com (note the leading .), then this is the issue =]
To help resolve this, you can modify your server's config to set the .example.com as the cookie's domain. Taken from this answer:
session.cookie_domain = ".example.com"
The same answer I gave to a recent question should work here as well:
The solution I used for this same problem was to set override_merchant_preferences on the billing agreement, with the return_url containing the user id in the query, like www.domain.com/api/handler.php?uid=42&action=return.
Though of course you can pass any identifiers you'd like through the $_GET that way.

CodeIgniter and Joomla - session data lost

I am facing a really weird issue here.
I have two websites: **A** and **B**
**A** is the landing page (a micro website). **A** is running Joomla.
**B** - payment pages. Coded with CodeIgniter. Uses session library and stores session data in a database.
=================
Scenario:
a user visits a landing page (website A), chooses a service package and clicks buy. Then he is taken to the payment page (website B) and starts filling in his application form.
Once he is done, he is taken to a payment gateway (provided by SecureTrading) and makes a payment. After a successful payment, a user is taken back to website B, where he has to finish the last bit of his application.
Problems:
After a successful payment, user is redirected back to website B, but for some reason all session data is lost.
When does this happen:
Session data is lost only when a user is coming from the landing page (A).
If I start filling in the application form without visiting the landing page first, everything works just fine.
Why is this happening?
How do I fix this?
Make sure in your application/config.php file you have the following setting set to this value:
$config['cookie_domain'] = ".mysite.com";
Take note of the leading . which denotes that the cookie domain is site-wide. This will make sure the cookie can be accessed from all sub-domains. Here is more information on how cookie domains work. You should always set up this config option, as it defaults to empty and will thus use the default cookie setting, which in most setups is not what the developer will want.

Cookies being deleted on redirect

I have a problem with cookies.
Basically I'm trying to store the user's session ID as a cookie like so:
setcookie("CheckoutSessionID",session_id(),time()+3600);
This works fine on my site, the cookie has the correct value and is valid for long enough. However, my site redirects to PayPal so the user can confirm a payment. The user is then redirected back to my site. It's when the user is redirected back to my site that ALL cookie variables are gone.
As in, print_r($_COOKIE), var_dump($_COOKIE) etc have no values. This only occurs after being directed to and from PayPal.
Any ideas as to why this is happening?
Thanks in advance for all help, I'm stumped!
Okay I've been digging quite deep and realised that an earlier question of mine is related:
PHP sessions and session_start()
Basically I had problems because PHP sessions were being deleted when I went to PayPal and back. However, I believe this was actually caused by the session COOKIE being destroyed, not the entire session.
I also found this topic here: Do PHP sessions get lost when directing to a payment gateway?
Answer given by someone suggests using a GET request with the return URL to send data back, instead of using cookies or sessions.
The whole reason I was using a cookie in the first place was to save the user's session ID, as the sessions weren't working properly, so basically I've just made my return URL something like this:
mydomain.co.uk/mypage.php?SessionID=[session ID goes here] and then obtained it and set the user's session ID to it.
Sorted! For now... I mean I'll probably end up hitting another brick wall due to cookies/sessions not working properly.
Thanks everyone for your help :)
Actually, whatever is happening (the cookie being empty) is logically correct. When you submit a page/make a request, the browser sends the cookie from the client's computer with the request so that you can find the cookie in the cookie variable.
But once you redirect the user to another external page/site and come back again to your page, then you should not get the cookie in the cookie variable because (in your case) when the user is getting back to your site from PayPal, PayPal is not submitting the cookie with the request.
In this case you can save your data in the database before you redirect the user to PayPal, and once the user comes back to your site you can retrieve that data from the database.
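The two workarounds on this page that put the session id itself in the return URL, and the answer just above that suggests saving the data in the database before the redirect, can be combined so that the URL carries only an opaque, single-use token. This is an added example, not code from any of the posts; the table, the ct query parameter and the in-memory SQLite database are assumptions made so it runs stand-alone.

```php
<?php
// Added example, not from any answer above: keep the checkout state server-side
// under a random single-use token and put only that token in the return URL,
// rather than the session id itself (the "save it in the database" approach).
declare(strict_types=1);

function checkout_db(): PDO
{
    // Constructed: in-memory SQLite so this runs stand-alone; a deployment
    // would point the DSN at the real application database.
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $db->exec('CREATE TABLE pending_checkout (token TEXT PRIMARY KEY,
                   cart TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    }
    return $db;
}

// Before the redirect to PayPal: stash the cart and build the return URL.
function stash_checkout(array $cart, string $returnBase): string
{
    $token = bin2hex(random_bytes(16));                      // 128-bit, unguessable
    checkout_db()->prepare('INSERT INTO pending_checkout VALUES (?, ?, ?)')
                 ->execute([$token, json_encode($cart), time() + 1800]); // 30 min
    return $returnBase . '?ct=' . $token;
}

// On paypal-return.php: consume the token exactly once; null means reject.
function resume_checkout(string $token): ?array
{
    if (!preg_match('/^[0-9a-f]{32}$/', $token)) {
        return null;                                          // malformed, skip the query
    }
    $db   = checkout_db();
    $stmt = $db->prepare('SELECT cart, expires_at FROM pending_checkout WHERE token = ?');
    $stmt->execute([$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $db->prepare('DELETE FROM pending_checkout WHERE token = ?')->execute([$token]);
    if ($row === false || (int) $row['expires_at'] < time()) {
        return null;                                          // unknown, reused or expired
    }
    return json_decode($row['cart'], true);
}

// Constructed walk-through of the two requests in one script:
$url = stash_checkout(['sku' => 'PLAN-42', 'qty' => 1], 'https://www.example.com/paypal-return.php');
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
$cart  = resume_checkout($query['ct']);   // restores the stashed cart into $_SESSION or the order
$again = resume_checkout($query['ct']);   // the first call consumed the token
```

The token only restores the cart for the browser that came back with it; it is not evidence that the payment itself went through.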
I had a similar problem with cookies being removed after the redirect from PayPal.
It took me a while to figure out where the problem was.
Samesite=**"Strict"** // Removes cookies after redirect from Paypal.
Samesite=**"Lax"** // does not remove cookies after redirect from Paypal.
