From Chrome version 80 onwards, the Cookie policy is updated from SameSite=None to SameSite=Lax by default, which means when the browser receives the cookie from the server without SameSite Chrome assumes either SameSite=None (<v80) or SameSite=Lax (v80>) depending on the version. Sample cookies, part of response header from site: Actual cookies received from Merchant Site Chrome default cookie policy before version 80 Chrome default cookie policy on/after version 80 Set Cookie : OrderId=123767; Domain=foo.example.com; OrderId=123767; Domain=foo.example.com; SameSite=None OrderId=123767; Domain=foo.example.com; SameSite=Lax Set Cookie : UserSessionID=AUXBSEW; Domain=foo.example.com UserSessionID=AUXBSEW; Domain=foo.example.com; SameSite=None UserSessionID=AUXBSEW; Domain=foo.example.com; SameSite=Lax SameSite=None --> Browsers always sends back cookies to server(foo.example.com) though request is triggered from same domain(foo.example.com) or from different domain(othersite.com) SameSite=Lax --> Browsers sends back cookies to server(foo.example.com) only when request is triggered from same domain(foo.example.com) else it does not send In our case : Once transaction is successfully performed, PayflowLink responds back with all transaction details and programmatically submit the form to merchant site; kind of a redirection from a different domain. With Chrome v80+ Chrome does not send back the important cookies to your site; in the example: OrderId and UserSessionID. These cookies are missed in the request back to the website. This is the reason some customers are facing issues when they do the transactions through latest version of the Chrome browser. Solution: would be to add SameSite=None; Secure attributes as part of your cookies, which helps to track back the transaction. For example : Set Cookie : OrderId=123767; Domain=foo.example.com; SameSite=None; Secure Set Cookie : UserSessionID=AUXBSEW; Domain=foo.example.com; SameSite=None; Secure Note : By adding “SameSite=None; Secure” attributes in cookies may lead to some other security vulnerabilities, so you will need to decide to include this attribute or not. You tube reference for SameSite Cookie Attribute can be found at: https://www.youtube.com/watch?v=aUF2QCEudPo
... View more