+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=31)
+--- Thread: Session destroy randomly after redirection from PayU payment gateway redirection (/showthread.php?tid=82675)
Session destroy randomly after redirection from PayU payment gateway redirection - Kiranrs - 08-07-2022
This question is posting after trying many solutions for about past 2 days and nothing is worked. Session in my Codeingiter 4 project behaving in a strange manner. There is a payment module in my application and PayU is my payment gateway provider. After the payment gateway redirection PayU will post some response data in my URL. At this time session destroys automatically. I don't know why and for your understanding it's happening becasue it's not happening everytime, say out of 10 session will destroy 7 time after the successfull payment. I get all the response from the PayU inside my controller. If the payment is cancelled by the use the frequency is about 5 out of 10 tries. This issue is only happends after redirection from PayU payment gateway irrespective of the payment status. I tried https://stackoverflow.com/questions/64021982/php-session-is-automatically-gets-destroyed-after-payu-payment-gateway-redirect,https://stackoverflow.com/questions/64420513/session-destroy-after-redirect-from-payment-gateway-in-codeigniter-3, https://stackoverflow.com/questions/48485129/php-session-are-lost-after-redirect-in-codeigniter-3,https://stackoverflow.com/questions/12067929/session-lost-after-redirect-in-codeigniter and many other sites.
I'm using Open LiteSpeed server in AlmaLinux 8. I added this in my virtual server config file
context / {
location $DOC_ROOT/
allowBrowse 1
extraHeaders header edit set-cookie $1;httponly;secure;samesite=none
}
My htaccess file doesn't contain anything other than a rewrite rule for hiding **public** from URL.
This is my .env
app.sessionDriver = 'CodeIgniter\Session\Handlers\DatabaseHandler' // Initially it was FileHandler
app.sessionCookieName = 'ci_session'
app.sessionExpiration = 7200
app.sessionSavePath = ci_sessions
# app.sessionMatchIP = false
app.sessionTimeToUpdate = 300
# app.sessionRegenerateDestroy = false
# app.CSPEnabled = false
// Initially all the cookie preferences are commented out experimented with different values.
cookie.prefix = ''
cookie.expires = 7200
cookie.path = '/'
cookie.domain = '<domain_name>'
cookie.secure = true
# cookie.httponly = false
cookie.samesite = 'none' // I tried Lax also
# cookie.raw = false
security.csrfProtection = 'cookie'
security.tokenName = 'csrf_token_name'
security.headerName = 'X-CSRF-TOKEN'
security.cookieName = 'csrf_cookie_name'
security.expires = 7200
security.regenerate = true
security.redirect = true
security.samesite = 'Lax'
curlrequest.shareOptions = true
I tried this in my BaseController
public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
{
// Do Not Edit This Line
parent::initController($request, $response, $logger);
// Preload any models, libraries, etc, here.
$this->session = \Config\Services:
ession();session();
}
After the payment PayU will post response to [this function](https://jpst.it/2VWjd)
I'm using Codeigniter 4.1.5 and Litespeed 1.7.14.
RE: Session destroy randomly after redirection from PayU payment gateway redirection - kenjis - 08-07-2022
It seems it has something to do with SameSite Cookies.
But your CI is too old and not secure. First of all, upgrade to the latest version.
RE: Session destroy randomly after redirection from PayU payment gateway redirection - ozornick - 08-08-2022
https://forum.codeigniter.com/showthread.php?tid=82384
Use search about SameSite feature