Veriteworks / CookieFix

Fix Magento2.2/2.3/2.4 Cookie SameSite attribute
Academic Free License v3.0

Magento 2.3.5-p1 - Chrome - User cannot login #15

Closed tuyennn closed 4 years ago

tuyennn commented 4 years ago

3DS payment works on Chrome as expected, but it caused an issue: users cannot log in, with Chrome only.

Update: Version

HirokazuNishi commented 4 years ago

Which version are you using? Latest?

tuyennn commented 4 years ago

@HirokazuNishi Please check my update with version for each

HirokazuNishi commented 4 years ago

@tuyennn Thanks, is your environment running under HTTPS? "Samesite = none" is only allowed with the "Secure" flag.

tuyennn commented 4 years ago

@HirokazuNishi Both "unsecure" (my local) and my production with "Secure" HTTPS have the same issue with Chrome

HirokazuNishi commented 4 years ago

@tuyennn Could you share your cookie details with me? PHPSESSID must have 'secure' and 'Samesite=None'.
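
The rule from the two comments above (SameSite=None requires Secure, and PHPSESSID needs both) can be checked against the Set-Cookie values of a response. This is an added example, not part of the original thread or of the CookieFix module; the function names, finding codes and sample header values are constructed for illustration.

```python
# Added example, not code from this thread or from Veriteworks/CookieFix.
# All header values below are constructed samples.

def parse_set_cookie(value):
    """Parse one Set-Cookie header value into (name, {attribute: value})."""
    pieces = [p.strip() for p in value.split(";") if p.strip()]
    name = pieces[0].partition("=")[0].strip()
    attrs = {}
    for piece in pieces[1:]:
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_set_cookie(value):
    """Return finding codes for one Set-Cookie value; empty list means OK."""
    _, attrs = parse_set_cookie(value)
    samesite = attrs.get("samesite")
    findings = []
    if samesite is None:
        findings.append("SAMESITE_MISSING")       # browser default applies
    elif samesite.lower() not in ("none", "lax", "strict"):
        findings.append("SAMESITE_INVALID")
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("NONE_WITHOUT_SECURE")    # the rule quoted above
    return findings


def audit_response(set_cookie_values, required=("PHPSESSID",)):
    """Audit every Set-Cookie value of one response, keyed by cookie name."""
    report = {}
    for value in set_cookie_values:
        name, _ = parse_set_cookie(value)
        report[name] = audit_set_cookie(value)
    for name in required:
        report.setdefault(name, ["COOKIE_NOT_SET"])  # session cookie never issued
    return report


SAMPLES = {
    "https_ok": ["PHPSESSID=abc123; path=/; secure; HttpOnly; SameSite=None"],
    "no_secure": ["PHPSESSID=abc123; path=/; HttpOnly; SameSite=None"],
    "no_samesite": ["PHPSESSID=abc123; path=/; secure; HttpOnly"],
    "no_session": ["form_key=xyz789; path=/; secure; SameSite=None"],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, audit_response(headers))
```
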

tuyennn commented 4 years ago

@HirokazuNishi Since customer cannot log in, we would never have PHPSESSID exist.

tuyennn commented 4 years ago

@HirokazuNishi As I debugged, this override caused the login trouble: `<preference for="Magento\Framework\Session\Config\ConfigInterface" type="Veriteworks\CookieFix\Session\Config"/>`

HirokazuNishi commented 4 years ago

What kind of trouble? I checked both PHP 7.2 and 7.3, but found no trouble.

tuyennn commented 4 years ago

@HirokazuNishi A proper fix and workaround on the override: I check whether the request is related to customer => just return $this, so that it does not run

```php
$this->setOption('session.cookie_samesite', 'None');
```

HirokazuNishi commented 4 years ago

@tuyennn The code can be used only with PHP 7.3 and later. PHP 7.2 cannot use it.

tuyennn commented 4 years ago

```php
// Assumed imports at the top of the class file:
//   use Magento\Framework\App\ObjectManager;
//   use Magento\Framework\App\Request\Http as HttpRequest;
public function setCookiePath($cookiePath, $default = null)
{
    parent::setCookiePath($cookiePath, $default);

    /** @var HttpRequest $httpRequest */
    $httpRequest = ObjectManager::getInstance()->get(HttpRequest::class);
    $parts = explode('/', trim($httpRequest->getPathInfo(), '/'));

    // Skip the SameSite override for customer module routes (/customer/...).
    if (!empty($parts) && is_array($parts) && isset($parts[0])) {
        if ($parts[0] === 'customer') {
            return $this;
        }
    }

    $cookiePath = $this->getCookiePath();

    $version = PHP_VERSION_ID;

    if ($version >= 70300) {
        // PHP 7.3+ supports the session.cookie_samesite option.
        $this->setOption('session.cookie_samesite', 'None');
    } else {
        // Older PHP: append the attribute to the cookie path instead.
        if (!preg_match('/SameSite/', $cookiePath)) {
            $cookiePath .= '; SameSite=None';
            $this->setOption('session.cookie_path', $cookiePath);
        }
    }

    return $this;
}
```

HirokazuNishi commented 4 years ago

@tuyennn I cannot understand what happens on your side. Your code seems to be "No SameSite attribute for customer module related path".

HirokazuNishi commented 4 years ago

@tuyennn Also, if you have improved code, please submit a PR. But I won't accept code that uses ObjectManager directly.

tuyennn commented 4 years ago

Just a proper fix; your old code could be converted to a plugin. I don't have a plan to contribute, this is just an idea for the current issue. Will take a look at this later.

HirokazuNishi commented 4 years ago

Of course, it can be converted to a plugin. However, I can't agree with your fix.