Closed tuyennn closed 4 years ago
Which version are you using? Latest?
@HirokazuNishi Please check my update with version for each
@tuyennn Thanks, is your environment running under HTTPS? "Samesite = none" is only allowed with "Secure" flag.
@HirokazuNishi Both "unsecure" (my local) and my production with "Secure" HTTPS have the same issue with Chrome.
@tuyennn Could you share your cookie details with me? PHPSESSID must have 'secure' and 'Samesite=None'.
@HirokazuNishi Since customer cannot log in, we would never have PHPSESSID exist.
@HirokazuNishi
As I debugged, this override caused the trouble with the login:
```xml
<preference for="Magento\Framework\Session\Config\ConfigInterface" type="Veriteworks\CookieFix\Session\Config"/>
```
What kind of trouble? I checked both PHP 7.2 and 7.3, but found no trouble.
@HirokazuNishi A proper fix and workaround on the override: I check whether the request is related to customer => just return $this, without running over
```php
$this->setOption('session.cookie_samesite', 'None');
```
@tuyennn The code can be used only with PHP 7.3 and later. PHP 7.2 cannot use it.
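```php
// Assumes these imports at the top of the class file:
//   use Magento\Framework\App\ObjectManager;
//   use Magento\Framework\App\Request\Http as HttpRequest;
public function setCookiePath($cookiePath, $default = null)
{
    parent::setCookiePath($cookiePath, $default);

    /** @var HttpRequest $httpRequest */
    $httpRequest = ObjectManager::getInstance()->get(HttpRequest::class);
    $parts = explode('/', trim($httpRequest->getPathInfo(), '/'));

    // Requests under the customer path return early, so no SameSite attribute is set for them.
    if (!empty($parts) && is_array($parts) && isset($parts[0])) {
        if ($parts[0] === 'customer') {
            return $this;
        }
    }

    $cookiePath = $this->getCookiePath();
    $version = PHP_VERSION_ID;
    if ($version >= 70300) {
        // PHP 7.3+ has a native session.cookie_samesite option.
        $this->setOption('session.cookie_samesite', 'None');
    } else {
        // Older PHP: append the attribute to the cookie path, once.
        if (!preg_match('/SameSite/', $cookiePath)) {
            $cookiePath .= '; SameSite=None';
            $this->setOption('session.cookie_path', $cookiePath);
        }
    }

    return $this;
}
```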
@tuyennn I cannot understand what happens on your side. Your code seems to be "No SameSite attribute for customer module related paths".
@tuyennn Also, if you have improved code, please submit a PR. But I won't accept code that uses ObjectManager directly.
Just a proper fix; your old code could be converted to a plugin. I don't have a plan to contribute, it is just an idea for the current issue. I will take a look at this later.
Of course, it can be converted to a plugin. However, I can't agree with your fix.
3DS payment works on Chrome as expected, but it caused an issue: users cannot log in, with Chrome only.
Update: Version
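The rule raised in the thread, that "SameSite=None" is only allowed together with "Secure", can be checked against the `Set-Cookie` values a store returns. The following Python check is an added example, not code from this thread or from the CookieFix module; the header values are constructed samples and the finding codes are made-up labels.

```python
# Added example; sample headers are constructed, not captured from the thread.
VALID_SAMESITE = {"none", "lax", "strict"}


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attributes)."""
    pair, *parts = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in parts:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return pair.split("=", 1)[0], attrs


def audit_cookie(value):
    """Return finding codes (hypothetical labels) for one Set-Cookie value."""
    _, attrs = parse_set_cookie(value)
    samesite = attrs.get("samesite")
    if samesite is None:
        # Chrome 80+ treats a cookie without SameSite as SameSite=Lax.
        return ["samesite-missing"]
    if samesite.lower() not in VALID_SAMESITE:
        return ["samesite-invalid"]
    if samesite.lower() == "none" and "secure" not in attrs:
        # The case raised in the thread: None is only allowed with Secure.
        return ["samesite-none-without-secure"]
    return []


def audit_response(set_cookie_values):
    """Return [(cookie name, findings)] for every Set-Cookie value given."""
    return [(parse_set_cookie(v)[0], audit_cookie(v)) for v in set_cookie_values]


# Constructed samples: HTTPS site, plain-HTTP local site, no SameSite at all.
# On PHP < 7.3 the "; SameSite=None" appended to the cookie path ends up on
# the wire in the same position as a native attribute, so it parses the same.
SAMPLES = [
    "PHPSESSID=abc123; path=/; secure; HttpOnly; SameSite=None",
    "PHPSESSID=abc123; path=/; HttpOnly; SameSite=None",
    "PHPSESSID=abc123; path=/; HttpOnly",
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLES):
        print(name, findings or "ok")
```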