Solving Opencart samesite cookie problem Google Chrome on Windows

Solving Opencart samesite cookie problem Google Chrome on Windows

This article shows how to solve the 'samesite' cookie in issue in Opencart when using Microsoft Windows and Google Chrome or Edge with a simple VQMod modification.

After the latest update of Google Chrome (version 87.0.4280.88) our customer was not able to login to the admin of Opencart (version 3.0.3.6) without being thrown out everytime she wanted to add media to a product.

I couldn't reproduce the problem at first, while the customer works with Microsoft Windows and I am using Linux Ubuntu. The same disappointing resulting occured with the Microsoft Edge browser which is using the same webkit as Google Chrome.

After some searching on Google the following solution worked for us. I must say that the Opencart runs on a server with PHP version 7.3.

The solution below doesn't work with a PHP version lower than 7.3.

The problem

The problem that occurs was that the since now apparently required samesite and secure options have to be included when using Google Chrome (on Windows that is).

VQMod modification

I used VQMod modification manager to make a new modification changing the following files:

  • system/framework.php
  • catalog/controller/startup/session.php

The following code worked for me to keep a persistant cookie with the samesite attrubute checked.

You place the following code under a self chosen name like samesite-cookie-persistent.xml in the vqmod/xml folder in the root of your Opencart installation.

Don't use this if you don't have the VQMod plugin installed.
<?xml version="1.0" ?>

<modification>
    <id>Framework and catalog session samesite cookie</id>
    <vqmver>2.5.0</vqmver>
    <version>1.0</version>
    <author>J.J. van de Merwe</author>

    <file name="system/framework.php" error="log">
        <operation>
            <search position="replace">
                <![CDATA[
    setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
                ]]>
            </search>
            <add action="after">
                <![CDATA[
    // ### Modified code: your-filename.xml ###             
    setcookie(
        $config->get('session_name'),
        $session->getId(),
        [
            'expires'  => ini_get('session.cookie_lifetime'),
            'path'     => ini_get('session.cookie_path'),
            'domain'   => ini_get('session.cookie_domain'),
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'None'
        ]
    );
    // ### (End) Modified code ###
                ]]>
            </add>
        </operation>
    </file>

    <file name="catalog/controller/startup/session.php" error="log">
        <operation>
            <search position="replace">
                <![CDATA[
            setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
                ]]>
            </search>
            <add action="after">
                <![CDATA[
            // ### Modified code: your-filename.xml ###   
            setcookie(
                $this->config->get('session_name'),
                $this->session->getId(),
                [
                    'expires'  => ini_get('session.cookie_lifetime'),
                    'path'     => ini_get('session.cookie_path'),
                    'domain'   => ini_get('session.cookie_domain'),
                    'secure'   => true,
                    'httponly' => true,
                    'samesite' => 'None'
                ]
            );
            // ### (End) Modified code ###
                ]]>
            </add>
        </operation>
    </file>
</modification>
5 Comments
Loukas
Loukas
1 week ago
Hello, for oc. 2.3.0.2 and php 7.1?
Johan
1 week ago
No, I did this for version 3 of Opencart. I am not using version 2 anymore.
Constantine
Constantine
1 week ago
Hello,

I get the following notices:
Warning: setcookie() expects parameter 3 to be integer, array given in .../public_html/vqmod/vqcache/vq2-system_framework.php on line 120
Warning: setcookie() expects parameter 3 to be integer, array given in .../public_html/vqmod/vqcache/vq2-catalog_controller_startup_session.php on line 37
Johan
1 week ago
Are you using PHP 7.2 or even a lower version? This mod works starting with PHP 7.3
Constantine
Constantine
1 week ago
I am using PHP Version 7.2.34, I will upgrade and get back to you

your email address will not be published. required fields are marked *

More from same category