Hi,
I'm surprised I haven't seen this question come up. We are trying to set up PayPal PayFlow Link Hosted Payments with our cookie settings defined as SameSite=Lax. While we can access the PayPal page to enter the credit card data, the RETURN_URL callback to our site does not re-initiate the previous web session since browser control was handed off to PayPal. The SameSite=Lax cookie setting prevents the existing web session from being loaded. We have tried passing the JSESSIONID to the PayPal USER1 custom field and trying to add a cookie with this value, but Tomcat has already created a new cookie and does not use the newly created cookie. We have also tried overriding the cookie to SameSite=None in the response servlet and Apache 2.4 mod_headers httpd-ssl.conf, but it does not override the original cookie settings.
Anyone have any advice on how to resolve this issue?
Accepted Solutions
Hi,
It's not a PayPal issue though. For SameSite=Lax, cookies will be sent in a GET request initiated by a 3rd-party website. So in your case, when you are getting a response back from PayPal, use a GET instead of a POST request. You can change the callback URL request type in PayPal Manager. I hope it works for you.
Good luck!
Vinay
We are having this same problem with dropped session cookies on the payment POST back to our site within PayPal’s iframe; we are setting sameSite=None on both the forms and session cookie and are hosting our site on an Azure Web App service. PayPal should help its customers with information on how to deal with these changes to effectively use its services.
We are experiencing the same problem. Our site has been working flawlessly for several years. Suddenly our session is cleared when PayPal posts back to our page.
Did you get an answer on this? We are struggling with 3 websites that consistently have issues with the auth code posting back. We believe we've set our cookies as samesite=none;secure, but still having issues.
I think ultimately using a GET HTTPS request is the best solution, though I didn't want to use it because it can expose information to anyone reading requests and potentially modifying the results (trans_id or auth code) that a POST would hide. We have been noticing our cookie settings have been changing while navigating through our website, maybe that is something you might want to investigate. We have a load balancer that has been inconsistently applying the cookie settings that we're looking into. Ultimately SameSite=LAX has to be used. Chrome defaults to it when there is nothing defined as of Version 80 in February.
If you're still having an issue, you can create a servlet or web service to use the async batch response configured in PayPal Manager so you can at least store the response in your database. PayPal will keep sending the payload until it gets a 200 response from the server. That's the best I can think of for those extraneous dropped sessions.
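The SameSite behaviour discussed in this thread, as an added example that is not code from any of the posters or from PayPal: a simplified JavaScript model of when a browser attaches a session cookie to the request that returns to the merchant site. The host names, the `cookieSent` helper and the request fields are assumptions made for illustration; third-party cookie blocking and schemeful same-site checks are not modelled.

```javascript
// Simplified model of a browser's SameSite decision (added example).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// "Site" is reduced to the last two host labels for this sketch;
// real browsers use the Public Suffix List.
function site(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

function cookieSent(cookie, request) {
  const https = new URL(request.url).protocol === "https:";
  if (cookie.secure && !https) return false;

  // No attribute: treated as Lax, as Chrome does from version 80.
  const mode = (cookie.sameSite || "Lax").toLowerCase();
  // SameSite=None is only honoured together with Secure.
  if (mode === "none") return cookie.secure === true;

  const crossSite = site(request.initiator) !== site(request.url);
  if (!crossSite) return true;
  if (mode === "strict") return false;

  // Lax: cross-site only on a top-level navigation with a safe method.
  return request.topLevel === true &&
    SAFE_METHODS.has(request.method.toUpperCase());
}

// Constructed scenarios: hypothetical merchant RETURN_URL and hosted page.
function returnUrlScenarios() {
  const url = "https://www.shop.example/payflow/return";
  const initiator = "https://pay.gateway.example/hosted";
  const lax = { sameSite: "Lax", secure: true };
  const none = { sameSite: "None", secure: true };
  const req = (method, topLevel) => ({ url, initiator, method, topLevel });
  return {
    laxTopLevelPost: cookieSent(lax, req("POST", true)),
    laxTopLevelGet: cookieSent(lax, req("GET", true)),
    laxIframePost: cookieSent(lax, req("POST", false)),
    noneSecureIframePost: cookieSent(none, req("POST", false)),
    noneWithoutSecure: cookieSent({ sameSite: "None", secure: false }, req("POST", false)),
    unsetTopLevelPost: cookieSent({ secure: true }, req("POST", true)),
  };
}

console.log(returnUrlScenarios());
```

If a cookie that this model says should be sent still goes missing, compare the `Set-Cookie` header the browser actually receives with the one the application emits, since a proxy or load balancer in between may rewrite it.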