New Message Search Latest Redo
Web Connection
Redirection and Safari ITP
Gravatar is a globally recognized avatar based on your email address. Redirection and Safari ITP
  Marcel DESMET
  All
7BH07WPL7
  Nov 6, 2025 @ 03:41am
Reply

Hello, It seems Safari ITP blocked cookies in a cross-site redirect ( used for payments )

Ip tracking activity

Regarding Web Connection we use RESPONSE.FastWrite I suppose nothing changes with RESPONSE.redirect

Knowing this, I will program the callback differently, I did the check because some buyers weren't receiving some emails cfm. Global payment follow up is done with a rest server

Tks

Gravatar is a globally recognized avatar based on your email address. re: Redirection and Safari ITP
  Rick Strahl
  Marcel DESMET
7BH0KFNGO
  Nov 6, 2025 @ 09:32am
Reply

Cookies don't work across domains, period. So no amount of monkeying with requests will forward those cookies or provide them to another domain short of capturing and passing in some other way.

Gravatar is a globally recognized avatar based on your email address. re: Redirection and Safari ITP
  Marcel DESMET
  Rick Strahl
7BH0N24H2
  Nov 6, 2025 @ 10:45am
Reply

Tks for the reply

Except it works perfectly with firefox on windows.

We are on the same browser and the same domain for both urls Order_external_submit.jaz and order_callback.jaz on Greenshop.fr

With Safari users are disconnect when received the order_callback.jaz

In the log above you see Email when user is connected and session when disconnected

Marcel

Gravatar is a globally recognized avatar based on your email address. re: Redirection and Safari ITP
  Rick Strahl
  Marcel DESMET
7BH0NVLCL
  Nov 6, 2025 @ 11:08am
Reply

You said 'cross-site' redirects - that suggests a different domain? If not you may still have issues depending on how the cookie domain/virtual is defined.

You can check and see if the application is sending the cookie in the request log on the redirect.

Note that older version of Web Connection used to clear out headers including the cookie - that was changed a while back so headers are not cleared - only the content is in the wwPageResponse::Redirect() call. Can't remember when that was but sometime during v7 I think.

Note that this is only a Web Connection issue if the cookie is being set during the same request that does the Redirect(). If the cookie was previously created it'll be the browser that provide the cookie handling.

FWIW, whenever I need to make sure cookies are set I never redirect - I post back to the same page and then do a page refresh to a new page after a second or two - this ensures the cookie gets set locally (same as a non-direct login) and then goes to the other location. IOW, the cookie handling then is up to the browser entirely. This dates back to the days when cookies didn't work with Redirects at all and I still see weird inconsistencies due to browser policies when redirecting. This makes testing much easier because you don't have to explicitly login to test this - it works as long as the cookie was previously set.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Redirection and Safari ITP
  Marcel DESMET
  Rick Strahl
7BH17OUIW
  Nov 6, 2025 @ 08:23pm
Reply

Sorry for misunderstanding I'm still not very clear in English

VS Code IA comments for Safari

I add this code to payment gateway return method

			* Payment is loaded check session status
			lcSessionId = SESSION.GetSessionID()
			If lcSessionId <> loPaymentLog.odata.SessionId
				* Session is different restore session from payment log
				* This fixes Safari session loss after external server redirection
				SESSION.LocateSession(SESSION.cSessionID)
  				SESSION.SetSessionID(loPaymentLog.odata.SessionId)
				* Force a new Cookie to be written with that value when page is built
				RESPONSE.cAutoSessionCookieName = Config.cCookieName
				RESPONSE.cAutoSessionCookie = loCustomer.oData.UserID
				RESPONSE.lAutoSessionCookiePersist = .T.
			ENDIF
Gravatar is a globally recognized avatar based on your email address. re: Redirection and Safari ITP
  Marcel DESMET
  Rick Strahl
7BJ01OLA0
  Nov 8, 2025 @ 12:47am
Reply

Above Session code did not run

This code work's, the logic is :

I don't try to assign a old session Id to the cookie but recopy old session information to the new one. In my case cookie data is replicated in the user database.

			* Payment is loaded check session status
			lcSessionId = SESSION.GetSessionID()
			If lcSessionId <> loPaymentLog.odata.SessionId
				* Session is different will try to authenticate user from payment log
				loUserBus = oModels.Make_Model("Users")
				IF loUserBus.LoadFromCookieId(loPaymentLog.oData.UserID)
					PROCESS.AssignUserConnection(loUserBus.oData)							
				ENDIF 
			ENDIF
		ENDIF

		loHtmlPage = CREATEOBJECT("Html_Redirection_Page")
		loHtmlPage.cRedirUrl = [order_return.jaz?id=]+lcOrderId 	
		loHtmlPage.cPageTitle = oView.String("GRE_HELP3")
		loHtmlPage.cMessage = oView.String("CCV_CALLBACK_REDIRECTION")    
		lcHtml = loHtmlPage.Render()
		RETURN RESPONSE.FastWrite(lcHtml)

Fortunately, my code includes a redirection (waiting time for payment status response). Tested on my local computer with Firefox to send and google chrome to receive

My question is. Is it possible to implement this without a redirection, this code is put after session initialisation code so would this cookie data changes correctly reflected in the RESPONS ?

© 1996-2025