Fix redirect to empty cart after successful payment

There have been a number of reports of an issue with payments using the redirect method in Magento. If your site is affected by the issue you will notice the following:

  • After a successful payment the customer is redirected to an empty cart instead of the success page
  • After a failed or cancelled payment the customer is correctly redirected back to their cart but the cart is empty
  • A registered customer may be logged out after a payment (successful or not)

In our experience the issue currently occurs only on Chrome (and Chromium-based) browsers. It is related to a change in the default value of the SameSite cookie option (from None to Lax). This change causes the session to be lost after a redirect back from the payment processor in a standard Magento installation.

While this issue is not related to or caused by our AlphaBank Payment Gateway extension, it affects sites using it. If your site is affected, add the following lines to your .htaccess to work around the issue:

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i">
    Header always edit Set-Cookie (.*) "$1; SameSite=None;Secure"
</If>

We are still working on a better solution that will fix the issue while maintaining the added security of SameSite=Lax.
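
An added example (not part of the original post or the extension's code): a Python model of what the rule above does to Set-Cookie headers, next to a narrower variant that touches only the session cookie and leaves existing SameSite and Secure attributes alone. The cookie name PHPSESSID, the function names and the sample User-Agent strings are assumptions constructed for illustration.

```python
import re

# User-Agent pattern copied from the .htaccess rule above; requests that
# match it are left untouched by the rule.
SKIPPED_UA = re.compile(
    r"(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]"
    r"|iPod touch; CPU iPhone OS 1[0-2]"
    r"|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari"
    r"|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)",
    re.IGNORECASE,
)

# Constructed sample User-Agent strings (not taken from real traffic).
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36")
IOS12_UA = ("Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) "
            "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/604.1")


def page_rule(set_cookie, user_agent):
    """Mirror of the rule above: append the attributes to every cookie."""
    if SKIPPED_UA.search(user_agent):
        return set_cookie
    return set_cookie + "; SameSite=None;Secure"


def attributes(set_cookie):
    """Lower-cased attribute names of one Set-Cookie value (name=value excluded)."""
    parts = set_cookie.split(";")[1:]
    return {p.split("=", 1)[0].strip().lower() for p in parts if p.strip()}


def narrowed_rule(set_cookie, user_agent, session_cookies=("PHPSESSID",)):
    """Hypothetical narrower rewrite: session cookie only, no duplicate attributes."""
    name = set_cookie.split("=", 1)[0].strip()
    if SKIPPED_UA.search(user_agent) or name not in session_cookies:
        return set_cookie  # other cookies keep the browser's Lax default
    attrs = attributes(set_cookie)
    if "samesite" in attrs:
        return set_cookie  # respect a value the application set on purpose
    out = set_cookie.rstrip().rstrip(";") + "; SameSite=None"
    if "secure" not in attrs:
        out += "; Secure"  # browsers reject SameSite=None without Secure
    return out
```

Because the rewritten cookie carries Secure, the store must be served over HTTPS for the browser to keep it.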
