Showing results for 
Search instead for 
Did you mean: 

PayPal Payflow LInk Hosted Payments and Cookie SameSite=Lax


PayPal Payflow LInk Hosted Payments and Cookie SameSite=Lax



I'm surprised I haven't seen this question come up. We are trying to setup PayPal PayFlow Link Hosted Payments with our cookie settings defined as SameSite=Lax. While we can access the PayPal page to enter in the credit card data, the RETURN_URL callback to our site does not re-initiate the previous web session since browser control was handed off to PayPal. The SameSite=Lax cookie setting prevents the existing web session from being loaded. We have tried passing the JSESSIONID to PayPal USER1 custom field and trying to add a cookie with this value, but Tomcat has already created a new cookie and does not use the newly created cookie. We have also tried overriding the cookie to SameSite=None in the response servlet and Apache 2.4 mod_headers httpd-ssl.conf, but it does not override the original cookie settings.


Anyone have any advice on how to resolve this issue?

New Community Member

Re: PayPal Payflow LInk Hosted Payments and Cookie SameSite=Lax

We are having this same problem with dropped session cookies on the payment POST back to our site within PayPal’s iframe; we are setting sameSite=None on both the forms and session cookie and are hosting our site on an Azure Web App service. PayPal should help its customers with information on how to deal with these changes to effectively use its services.