Some of our customers are experiencing a strange situation in which they loose their session data. This always happen after a redirect from our payments privider ogone. The flow is a following:
The user is completing it's order
The user decides to pay through ogone.
Afterwards the user is redirected to the application's payment success / error handler.
While debugging this issue, I found out that the session data is lost when the user is redirected from ogone to the application. This happens only once on x amount of requests. So when I test the code in any possible browser, it appears to work just fine. I did not manage to find a link between failed payments and browser / payment method / ....
This is my session configuration:
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 172800;//48 hours
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = false;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
The first step is to confirm the card with the bank
try {
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: application/xml', 'Content-length: ' . strlen($xml)));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_URL,'https://boatest.kuveytturk.com.tr/boa.virtualpos.services/Home/ThreeDModelPayGate');
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIE, session_name() . '=' . session_id());
$data = curl_exec($ch);
curl_close($ch);
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
The visitor is diverted to an external page to set the SMS payment verification code Then The second step is to Confirm the payment
try {
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: application/xml', 'Content-length: ' . strlen($xml)));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_URL,'https://boatest.kuveytturk.com.tr/boa.virtualpos.services/Home/ThreeDModelProvisionGate'); //Baglanacagi URL
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIE, session_name() . '=' . session_id());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
$xxxml = new SimpleXMLElement($data);
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
When it is switched to the second step, session data is lost
Can you help with this
Note that this problem does not occur permanently sometimes for some users
header('Set-Cookie: ' . session_name() . '=' . session_id() . '; SameSite=None; Secure');