Session destroy randomly after redirection from PayU payment gateway redirection
#1

(This post was last modified: 08-07-2022, 03:15 AM by Kiranrs.)

I am posting this question after trying many solutions for about the past 2 days, and nothing has worked. The session in my CodeIgniter 4 project is behaving in a strange manner. There is a payment module in my application and PayU is my payment gateway provider. After the payment gateway redirection, PayU will post some response data to my URL. At this time the session is destroyed automatically. I don't know why it's happening and, for your understanding, it's not happening every time: say, out of 10 tries the session is destroyed 7 times after a successful payment. I get all the response from PayU inside my controller. If the payment is cancelled by the user, the frequency is about 5 out of 10 tries. This issue only happens after redirection from the PayU payment gateway, irrespective of the payment status. I tried https://stackoverflow.com/questions/6402...eigniter-3, https://stackoverflow.com/questions/4848...odeigniter and many other sites.

I'm using OpenLiteSpeed server on AlmaLinux 8. I added this to my virtual server config file:

    context / {
        location    $DOC_ROOT/
        allowBrowse    1
        extraHeaders  header edit set-cookie $1;httponly;secure;samesite=none
    }

My htaccess file doesn't contain anything other than a rewrite rule for hiding **public** from the URL.

This is my .env



    app.sessionDriver = 'CodeIgniter\Session\Handlers\DatabaseHandler' # Initially it was FileHandler
    app.sessionCookieName = 'ci_session'
    app.sessionExpiration = 7200
    app.sessionSavePath = ci_sessions
    # app.sessionMatchIP = false
    app.sessionTimeToUpdate = 300
    # app.sessionRegenerateDestroy = false
   
    # app.CSPEnabled = false
    # Initially all the cookie preferences were commented out; I experimented with different values.
    cookie.prefix = ''
    cookie.expires = 7200
    cookie.path = '/'
    cookie.domain = '<domain_name>'
    cookie.secure = true
    # cookie.httponly = false
    cookie.samesite = 'none' # I tried Lax also
    # cookie.raw = false
   
    security.csrfProtection = 'cookie'
    security.tokenName = 'csrf_token_name'
    security.headerName = 'X-CSRF-TOKEN'
    security.cookieName = 'csrf_cookie_name'
    security.expires = 7200
    security.regenerate = true
    security.redirect = true
    security.samesite = 'Lax'
    curlrequest.shareOptions = true

I tried this in my BaseController

    public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
    {
        // Do Not Edit This Line
        parent::initController($request, $response, $logger);

        // Preload any models, libraries, etc, here.

        $this->session = \Config\Services::session();
        session();
    }

After the payment, PayU will post the response to [this function](https://jpst.it/2VWjd).

I'm using CodeIgniter 4.1.5 and LiteSpeed 1.7.14.
#2

It seems it has something to do with SameSite Cookies.
But your CI is too old and not secure. First of all, upgrade to the latest version.
#3

https://forum.codeigniter.com/showthread.php?tid=82384
Use search about SameSite feature
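The replies above point to SameSite cookie handling. As an added example (not part of the original thread, and not CodeIgniter or PayU code), the following models how a modern browser decides whether a cookie accompanies the cross-site POST that a payment gateway sends back to the site. The function names and sample `Set-Cookie` headers are constructed for illustration, and treating a missing SameSite attribute as Lax is an assumption about the browser.

```javascript
// Model of the browser-side SameSite decision for a top-level cross-site POST
// (for example, a payment gateway posting its result back to the merchant site).
// Assumption: a cookie with no (or an unknown) SameSite value is treated as Lax.

// Parse a raw Set-Cookie header value into name, value and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Decide whether the cookie would be attached to a cross-site POST navigation.
function sentOnCrossSitePost(header) {
  const { name, attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  const sameSite = ['none', 'lax', 'strict'].includes(raw) ? raw : 'lax'; // assumed default
  if (sameSite === 'none' && !('secure' in attrs)) {
    return { name, sent: false, reason: 'SameSite=None without Secure is rejected by the browser' };
  }
  if (sameSite !== 'none') {
    return { name, sent: false, reason: `SameSite=${sameSite} cookies are withheld on cross-site POST` };
  }
  return { name, sent: true, reason: 'SameSite=None; Secure is sent on cross-site requests' };
}

// Constructed sample headers (not captured from the poster's site).
const SAMPLES = [
  'ci_session=abc123; path=/; HttpOnly; Secure; SameSite=None',
  'ci_session=abc123; path=/; HttpOnly; SameSite=Lax',
  'ci_session=abc123; path=/; HttpOnly',
  'ci_session=abc123; path=/; SameSite=None',
  'csrf_cookie_name=tok456; path=/; Secure; SameSite=Lax',
];

// Evaluate every header and return one verdict object per cookie.
function report(headers) {
  return headers.map((h) => sentOnCrossSitePost(h));
}

for (const r of report(SAMPLES)) {
  console.log(`${r.name}: ${r.sent ? 'sent' : 'NOT sent'} (${r.reason})`);
}
```

Running the same check against the `Set-Cookie` headers the site actually emits (from the browser's network panel) shows which cookies survive the return from the gateway.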



