- After being redirected by the payment link, the session logs out.
Steps to reproduce :
1. Login in Liferay.
2. Call the API in Postman.
Request parameters are attached (SSL Commerz Request Parameters.txt)
Request Type: x-www-form-urlencoded
3. Set a redirect url (success_url, fail_url, cancel_url) to a test private page.
4. Open GatewayPageURL from the response in the browser.
5. Click login and sign in with the pre-filled mobile number. Use OTP: 111111
6. Use any of the prefilled cards with CVV 111
Expected Behavior: Click on the success button to be redirected back to Liferay.
Observed Behavior: The user session will be logged out and the user will be redirected back to the login page.
- Liferay DXP 7.3 Fix Pack 1
The issue turns out to be that the browser does not send the saved cookies back to the portal with the request to http://localhost:8080/group/guest/test after returning from the payment site.
The reason for this is that in the current environment, the limitations of the default cookie behavior prevent proper cross-site usage.
To summarize, any cookies with the 'SameSite=none' value are 'filtered out' by the browser. (The default value is "SameSite=Lax.")
- Try the procedures below to overcome this issue:
1) Added <CookieProcessor sameSiteCookies="none"/> to the <context> element in tomcat/conf/context.xml.
Create a keystore file to store the server's private key and self-signed certificate by executing the following command:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Uncomment and modify the "SSL HTTP/1.1 Connector" entry in $CATALINA_BASE/conf/server.xml
<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
scheme="https" secure="true" SSLEnabled="true"
3) Ensured to access/login to the portal via https and also set the redirect urls (success_url, fail_url, cancel_url) in Postman API call to https://localhost:8443/group/guest/test.
- Chrome requires some extra work to make testing with self-signed certificates work: https://www.linkedin.com/pulse/how-fix-chrome-neterrcertinvalid-priyanka-kumari