SameSite Fix – Secure Cookies & Sessions (Strict, Lax, None)


Browsers have recently started treating cookies as SameSite=Lax by default, which means that when a payment gateway redirects the customer away from your site for payment and then redirects back afterwards, any cookie not declared as SameSite=None is lost.
This plugin primarily provides a way to fix this issue: use our SameSite=None option.

£40.00

SKU: OC_SameSite

Description


This plugin sets the Secure flag on all cookies, including the PHPSESSID session cookie, when the site is served over HTTPS – a common requirement of PCI DSS scanners.

It makes sure your cookies do not leak into HTTP and vice versa.

This is now a requirement for PCI compliance, and Chrome 80 will also require “samesite=none, secure” on all cookies – https://github.com/GoogleChromeLabs/samesite-examples

Strict, Lax or None – SameSite Setting
The OCMOD version of this mod is split into 3 different packages: Strict, None and Lax.
Browsers recently changed the default cookie behaviour from None to Lax, which presents some serious issues in specific cases. If you're unsure which version to use, please use the None version.

If you use any third-party redirect, such as a payment gateway that POSTs back to your site, you will need to use the SameSite None package.

Lax
Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third-party websites. This is the default value in modern browsers.

Strict
Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.

None
Cookies will be sent in all contexts, i.e. sending them cross-origin is allowed.

None used to be the default value, but recent browser versions made Lax the default value to have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.
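
To see which package a shop needs, the rules above can be applied to the Set-Cookie headers it emits. The Python script below is an added example, not the plugin's code or part of the original page; the function names and sample headers are constructed for illustration, and it models only the basic rules listed above.

```python
# Added example (not the plugin's code): audit Set-Cookie headers against the
# SameSite rules described above. Simplified model: ignores browser-specific
# grace periods and schemeful same-site details.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def effective_samesite(attrs):
    """A missing or unrecognised SameSite value is treated as Lax."""
    value = attrs.get("samesite", "").lower()
    return value if value in ("strict", "lax", "none") else "lax"

def sent_with(attrs, cross_site, method="GET", top_level=True):
    """Would a browser attach this cookie to the described request?"""
    mode = effective_samesite(attrs)
    if mode == "none" and "secure" not in attrs:
        return False  # SameSite=None without Secure is rejected when set
    if not cross_site or mode == "none":
        return True
    if mode == "lax":
        return top_level and method == "GET"
    return False  # Strict: first-party context only

def audit(header):
    """Return (cookie name, findings) for a cookie set by an HTTPS shop."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if not sent_with(attrs, cross_site=True, method="POST"):
        findings.append("dropped on cross-site POST return")
    return name, findings

# Constructed sample headers, not captured from a real shop.
SAMPLES = [
    "PHPSESSID=abc123; path=/; HttpOnly",
    "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=None",
    "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

A session cookie that reports "dropped on cross-site POST return" is the case where the None package is needed; one that reports "missing Secure" is what a PCI DSS scanner would flag.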

Journal Themes
This extension is guaranteed to work out of the box.

Installation
VQMOD (OC 2.x) – Just drop the xml into your vqmod/xml folder
OCMOD (OC 2.x – 3.x) – install it via the OCMOD interface and that’s it!


Additional information

Compatibility

2.0.0.0, 2.0.1.0, 2.0.1.1, 2.0.2.0, 2.0.3.1, 2.1.0.1, 2.1.0.2, 2.2.0.0, 2.3.0.0, 2.3.0.1, 2.3.0.2, 3.0.0.0, 3.0.1.1, 3.0.1.2, 3.0.2.0, 4.0.0.0_b, 3.0.3.0, 3.0.3.1, 3.0.3.2, 3.0.3.3, 3.0.3.5, 3.0.3.6, 3.0.3.7
