Welcome Guest, Not a member yet? Register   Sign In
Session destroy randomly after redirection from PayU payment gateway redirection

(This post was last modified: 08-07-2022, 03:15 AM by Kiranrs.)

This question is posting after trying many solutions for about past 2 days and nothing is worked. Session in my Codeingiter 4 project behaving in a strange manner. There is a payment module in my application and PayU is my payment gateway provider. After the payment gateway redirection PayU will post some response data in my URL. At this time session destroys automatically. I don't know why and for your understanding it's happening becasue it's not happening everytime, say out of 10 session will destroy 7 time after the successfull payment. I get all the response from the PayU inside my controller. If the payment is cancelled by the use the frequency is about 5 out of 10 tries. This issue is only happends after redirection from PayU payment gateway irrespective of the payment status. I tried https://stackoverflow.com/questions/6402...eigniter-3, https://stackoverflow.com/questions/4848...odeigniter and many other sites.

I'm using Open LiteSpeed server in AlmaLinux 8. I added this in my virtual server config file

    context / {
        location    $DOC_ROOT/
        allowBrowse    1
        extraHeaders  header edit set-cookie $1;httponly;secure;samesite=none
My htaccess file doesn't contain anything other than a rewrite rule for hiding **public** from URL.

This is my .env

    app.sessionDriver = 'CodeIgniter\Session\Handlers\DatabaseHandler' // Initially it was FileHandler
    app.sessionCookieName = 'ci_session'
    app.sessionExpiration = 7200
    app.sessionSavePath = ci_sessions
    # app.sessionMatchIP = false
    app.sessionTimeToUpdate = 300
    # app.sessionRegenerateDestroy = false
    # app.CSPEnabled = false
    // Initially all the cookie preferences are commented out experimented with different values.
    cookie.prefix = ''
    cookie.expires = 7200
    cookie.path = '/'
    cookie.domain = '<domain_name>'
    cookie.secure = true
    # cookie.httponly = false
    cookie.samesite = 'none' // I tried Lax also
    # cookie.raw = false
    security.csrfProtection = 'cookie'
    security.tokenName = 'csrf_token_name'
    security.headerName = 'X-CSRF-TOKEN'
    security.cookieName = 'csrf_cookie_name'
    security.expires = 7200
    security.regenerate = true
    security.redirect = true
    security.samesite = 'Lax'
    curlrequest.shareOptions = true

I tried this in my BaseController

    public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
            // Do Not Edit This Line
            parent::initController($request, $response, $logger);
            // Preload any models, libraries, etc, here.
            $this->session = \Config\Services:Confusedession();
After the payment PayU will post response to [this function](https://jpst.it/2VWjd)
I'm using Codeigniter 4.1.5 and Litespeed 1.7.14.

It seems it has something to do with SameSite Cookies.
But your CI is too old and not secure. First of all, upgrade to the latest version.

Use search about SameSite feature

Theme © iAndrew 2016 - Forum software by © MyBB