Returning from checkout Stripe logout problem

[manlio]

Hello I am using a Stripe checkout and at the end of the process the user is redirected on my server to store some data (Processwire 3.0.181).

I have the problem that everytime after the redirect the user is logged out and I cannot store the data properly.

I have read related forum posts and I have disabled sessionFingerprint and cleared all the sessions, but this doesn't seem to fix the problem.

$config->sessionFingerprint = false;

During my tests I have also noticed that my user remains logged in another tab but not in the actual that is managing the payment.

Anyone have an idea how to fix this problem or how to investigate it further?

Thank you very much and a have a nice weekend.

[elabx]

I have used Stripe Checkout and haven't got into this issue ? Are you redirecting to the exact same domain?? Things like this has happened to me when I redirect from Stripe to a different subdomain like "www.domain.com", and session was initially started in "domain.com"

[manlio]

Thanks for your reply elabx, I have already checked the domain and it is ok. Thank you anyway for the suggestion.

In this exact time I discovered that it is working and really I don't know what happened!

I will test more to see if the problem persist.

Have a nice evening.

[fliwire]

SameSite cookies explained (web.dev)

u need https and set SameSite = "None";

$config->sessionCookieSameSite = "None";

[manlio]

Thank you fliwire, I have added your line to my config.php and I will report if my users still have problems.

Thank you very much.

[manlio]

Hi, I am writing again because I still have some issues. A lot of payments goes flawlessly but some users (like 5/10%)  are still logged out when returning on the website.

A lot of users has already logged in the website in the past, so my guess if is it possible that something is stored in the browser preventing the expected behaviour?

One of the users reported me that at first he was logged out and than he retried and everything worked as expected. 

Thank you for any suggestions.

[fliwire]

make sure u have latest master version 3.0.184. 

sessionCookieSameSite  added 3.0.178
ProcessWire Weekly #366

or add to htaccess

<ifmodule mod_headers.c>
	Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</ifmodule> 

u should have no issue.

[manlio]

I'm sorry for the delay in my reply, but I was busy on another project.

I will update PW to the latest build and follow your precious suggestions.

Thank you!

[manlio]

Hi! I'm still having problems, but sometimes it works. 

I have upgraded PW to the latest version with no success and also I tried to add 

<ifmodule mod_headers.c>
	Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</ifmodule> 

to the .htaccess with no luck.

As an additional info, a guy logged in (using the same PC) with three different username and proceeded with the payment.

With the first user credential he was logged out at the end of the process, but with the second and the third user everything worked as expected.

Also another user tried to pay and at the first attempt the payment process didn't work and the second time it worked. 

Maybe the browser is storing something that it is the cause of the problem?

Thank you again for any advice.

Have a nice weekend.