PHP
fefwefwe, 2020-11-03 20:32:00

Why is the authorization (session) lost after returning from an online payment?

Please tell me why, after returning from another site with online payment, the authorization (session) is lost on the site.

The headers in the browser are:

Request URL: https://site.ru/profile/my-objects/?cmd=paycard_success&id=132412&payment_type=add_object
Request Method: POST
Status Code: 303 
Remote Address: 87.236.16.222:443
Referrer Policy: strict-origin-when-cross-origin
cache-control: max-age=0, public
content-encoding: gzip
content-length: 20
content-type: text/html; charset=utf-8
date: Tue, 03 Nov 2020 16:33:49 GMT
expires: Tue, 03 Nov 2020 16:33:49 GMT
location: /login
server: nginx-reuseport/1.13.4
set-cookie: 2d0775bfd0b7f0c96336595c26b44616=9c80322b2fb78748dd1f2dae0cf23c49; path=/; domain=.site.ru; HttpOnly
status: 303
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
:authority: site.ru
:method: POST
:path: /profile/my-objects/?cmd=paycard_success&id=132412&payment_type=add_object
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
cache-control: max-age=0
content-length: 234
content-type: application/x-www-form-urlencoded
cookie: _ym_d=1598787033; _ym_uid=1598787033858124437; _ym_isad=2; _ym_visorc=w
origin: https://paymaster.ru
referer: https://paymaster.ru/
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36


In .htaccess:
### Remove the ETag header (otherwise there are caching problems when compression is enabled)
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>
FileETag None
## No directory listings
IndexIgnore *

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]


The site uses https, and the redirect is also to https.

If you log in and manually insert the necessary link in the browser, then everything works fine. It fails only when there is a transition from the payment site.


2 answer(s)
fefwefwe, 2020-11-05
@fefwefwe

The problem turned out to be the SameSite cookie attribute: when it is set to an empty value (it is not configured in PHP 5) and data is transferred from another site using the POST method, such cookies are not displayed.
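
An added example, not code from the thread or from the site in question: one way to give the PHP session cookie an explicit SameSite attribute on PHP 5.6, where the session functions cannot set it. The helper names are hypothetical, `.site.ru` is the cookie domain shown in the question, and it assumes state-changing requests are already protected by CSRF tokens, since `SameSite=None` makes the browser attach the session cookie to cross-site requests.

```php
<?php
// Added example (not from the thread). Targets PHP 5.6, where
// session_set_cookie_params() has no SameSite option (added in PHP 7.3).

/**
 * Build a Set-Cookie header line for the session cookie with an explicit
 * SameSite attribute. Browsers accept SameSite=None only together with
 * Secure, so Secure is forced in that case.
 */
function session_cookie_header($name, $id, $domain, $sameSite, $secure = true)
{
    if (!in_array($sameSite, array('Strict', 'Lax', 'None'), true)) {
        throw new InvalidArgumentException('SameSite must be Strict, Lax or None');
    }
    if ($sameSite === 'None') {
        $secure = true;
    }
    $parts = array(
        $name . '=' . rawurlencode($id),
        'Path=/',
        'Domain=' . $domain,
        'HttpOnly',
    );
    if ($secure) {
        $parts[] = 'Secure';
    }
    $parts[] = 'SameSite=' . $sameSite;
    return 'Set-Cookie: ' . implode('; ', $parts);
}

/**
 * Start the session, then re-issue its cookie with the attribute.
 * replace = false appends the header and keeps other cookies; the browser
 * applies Set-Cookie lines in order, so this later line overrides the one
 * PHP emitted itself for the same cookie name.
 */
function start_session_with_samesite($domain, $sameSite)
{
    session_start();
    if (!headers_sent()) {
        header(session_cookie_header(session_name(), session_id(), $domain, $sameSite), false);
    }
}

// Constructed usage: 'None' is the value that lets the cookie accompany the
// cross-site POST coming back from the payment page.
if (PHP_SAPI !== 'cli') {
    start_session_with_samesite('.site.ru', 'None');
}
```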

Sergei Tolkachev, 2020-11-04
@sergeytolkachyov

In other cases, the session does not crash? This is not in Joomla, but most likely in the extension for payment, or in the server settings.
