SameSite Fix – Secure Cookies & Sessions (Strict, Lax, None)


Recently browsers have decided to declare cookies by default as samesite=LAX which means any payment gateway that redirects away from your site for payment and then redirects back after payment will wipe out any and all cookies not declared as samesite=none.
This plugin primarily provides a way to fix this issue with our samesite=none option this will fix your issue.

£40.00

SKU: OC_SameSite

Description

Recently browsers have decided to declare cookies by default as samesite=LAX which means any payment gateway that redirects away from your site for payment and then redirects back after payment will wipe out any and all cookies not declared as samesite=none.
This plugin primarily provides a way to fix this issue with our samesite=none option this will fix your issue.

—————–

This plugin will apply secure flags on all cookies and the PHPSESSID session cookie for secure cookies under HTTPS – a common requirement of PCI DSS scanners.

Will make sure your cookies do not leak into HTTP and vise-versa.

This is now a requirement for PCI Compliancy, and also Chrome 80 will require “samesite=none, secure” on all cookies – https://github.com/GoogleChromeLabs/samesite-examples

Strict, Lax or None – SameSite Setting
the OCMOD version of this mod is split into 3 different packages, Strict, None and Lax.
Browsers recently changed default cookie behaviour from None to Lax by default, which presents some serious issues in specific cases. If your unsure which version to use please use the None version.

If you use any third-party redirect such as a payment gateway which POST back to your site, you will need to use SameSite None package.

Lax
Cookies are allowed to be sent with top-level navigations and will be sent along with GET request initiated by third party website. This is the default value in modern browsers.

Strict
Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.

None
Cookies will be sent in all contexts, i.e sending cross-origin is allowed.

None used to be the default value, but recent browser versions made Lax the default value to have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.

Journal Themes
This extension is guaranteed to work out of the box.

Installation
VQMOD (OC 2.x) – Just drop the xml into your vqmod/xml folder
OCMOD (OC 2.x – 3.x) – install it via the OCMOD interface and that’s it!

Like what you see? Get in touch!

We have a very friendly service - Come and chat to us and let us know what you need, we work for an hourly fee and can also provide you a no obligation quote and begin work immediately in most cases. Click "Request Support" or use our Live Chat.

Request Support

SHARING IS CARING!
Facebooktwitterredditpinterestlinkedinmail

Additional information

Compatibility

2.0.0.0, 2.0.1.0, 2.0.1.1, 2.0.2.0, 2.0.3.1, 2.1.0.1, 2.1.0.2, 2.2.0.0, 2.3.0.0, 2.3.0.1, 2.3.0.2, 3.0.0.0, 3.0.1.1, 3.0.1.2, 3.0.2.0, 4.0.0.0_b, 3.0.3.0, 3.0.3.1, 3.0.3.2, 3.0.3.3, 3.0.3.5, 3.0.3.6, 3.0.3.7, 2.0.0.0, 2.0.1.0, 2.0.1.1, 2.0.2.0, 2.0.3.1, 2.1.0.1, 2.1.0.2, 2.2.0.0, 2.3.0.0, 2.3.0.1, 2.3.0.2, 3.0.0.0, 3.0.1.1, 3.0.1.2, 3.0.2.0, 4.0.0.0_b, 3.0.3.0, 3.0.3.1, 3.0.3.2, 3.0.3.3, 3.0.3.5, 3.0.3.6, 3.0.3.7, 2.0.0.0, 2.0.1.0, 2.0.1.1, 2.0.2.0, 2.0.3.1, 2.1.0.1, 2.1.0.2, 2.2.0.0, 2.3.0.0, 2.3.0.1, 2.3.0.2, 3.0.0.0, 3.0.1.1, 3.0.1.2, 3.0.2.0, 4.0.0.0_b, 3.0.3.0, 3.0.3.1, 3.0.3.2, 3.0.3.3, 3.0.3.5, 3.0.3.6, 3.0.3.7

Reviews

There are no reviews yet.

Be the first to review “SameSite Fix – Secure Cookies & Sessions (Strict, Lax, None)”

Your email address will not be published.