Chrome users are send to an empty cart page instead of the success page after a succesfull payment.

[igorwulff]

Since this month multiple of our Magento 1 clients (and Magento 2 but that is not related to this M1 module) have reported issues where a lot of revenue is no longer tracked for their orders (1/3 of the amount), even though the orders were payed and had a correct status in Magento.

We see the following happening in the access logs and our own tests: `[25/Aug/2020:10:30:40 +0200] "POST /buckaroo3extended/notify/return/ HTTP/1.0" 302 0 "https://checkout.buckaroo.nl/html/redirect.ashx?r=id" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"

[25/Aug/2020:10:30:40 +0200] "GET /checkout/onepage/success/ HTTP/1.0" 302 0 "https://checkout.buckaroo.nl/html/redirect.ashx?r=id" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"

[25/Aug/2020:10:30:40 +0200] "GET /checkout/cart/ HTTP/1.0" 200 761538 "https://checkout.buckaroo.nl/html/redirect.ashx?r=id" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"`

So a customer is send first to the success page, but the page is never outputted and a customer is instead redirected to the cart page... which appears to be empty. A successful payment message is shown. The redirect is caused because the session assigned to the customer at that point no longer contains any data, and also no getLastSuccessQuoteId value.

The redirect is triggered by the following line: app/code/core/Mage/Checkout/controllers/OnepageController.php:282 ` /**

• Order success action */ public function successAction() { $session = $this->getOnepage()->getCheckout(); if (!$session->getLastSuccessQuoteId()) { $this->_redirect('checkout/cart'); return; }`

We found out this appears to be happening (for now) only in the Chrome browser and see multiple pages reporting this or providing fixes for M1/M2: https://github.com/OpenMage/magento-lts/issues/414#issuecomment-665566029 https://github.com/Veriteworks/CookieFix

I was able to fix this for my own computer by disabling the flags used for SameSite in Google Chrome under chrome://flags/. Specifically:

1. SameSite by default cookies
2. Enable removing SameSite=None cookies
3. Cookies without SameSite must be secure

We are now mostly wondering if something in the Buckaroo module can be changed to fix this issue.

We are also curious if changing the custom url for Buckaroo to a subdomain of our client would fix the above issues, since that is a feature of Buckaroo, but beyond this module perhaps.

[vladislav-padalka-hys]

Hi @igorwulff ! Thanks for your report ! We know about that issue and have some fixes for M2 in https://github.com/buckaroo-it/Magento2/commits/master/Controller/Redirect/Process.php related to it already. As for M1 then it's under review.

[igorwulff]

Hi @vladislav-padalka-hys that's good to hear! Can you give us an ETA?

[vladislav-padalka-hys]

it's expected next week

[vladislav-padalka-hys]

Hi @igorwulff ! It has been fixed in master branch You can find a commit here : https://github.com/buckaroo-it/Magento/commit/610116296ec2ebb0f1f6851d21b86df8c19187e1

[igorwulff]

Hi @vladislav-padalka-hys that's great to hear! I assume you are doing some final tests before putting a stable tag on it?

[igorwulff]

Hi @vladislav-padalka-hys can you give me an ETA of when this will get a release tag?

[vladislav-padalka-hys]

Hi @igorwulff ! Sorry for delay , but here is the release with the fix https://github.com/buckaroo-it/Magento/releases/tag/v5.13.0 Thanks again for your request!

[igorwulff]

Awesome! I will give feedback after testing this with the client and our test partner.