
I am getting a weird ColdFusion session loss issue when I am making a card payment, on return to the website. This is happening on both versions, ColdFusion 2016 / 2021.

The transaction takes the user away from the site with a POST that goes to another website to get a 3D Secure token, and the user is then returned to my website; then the session is completely lost. I have attached the `CFID=xx&CFTOKEN=xxx&jsessionid=xxx` to the return.

I am using SameSite, Secure and HttpOnly cookies.

Any help will be greatly appreciated.

Rob
  • You shouldn't need to include CFID/CFTOKEN/jsessionid as URL parameters. If the first and last URL are both on the same domain and both HTTPS, and you're not doing this in iframes/frames from a 3rd party domain, then the browser should send the original CFID/CFTOKEN/jsessionid using cookies in the request headers. Try again without those IDs as URL parameters. Look at the HTTP request and response headers in your browser tools network tab and see what cookie headers are being sent back and forth, and whether there are any warnings. – Sev Roberts Feb 19 '21 at 10:00
  • Check `SameSite` attribute of the session cookie(s). If they are misconfigured (`strict`, but not `secure` or not `https`), the cookie will not be sent by the client. – Alex Feb 20 '21 at 02:58
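
The comments above point at the cookie headers and the `SameSite` attribute. The following added example (not part of the original thread) models the standard SameSite rules for the return leg of a 3D Secure redirect, covering both GET and POST returns. The host names, the request shape and the two-label site comparison are assumptions made for illustration.

```javascript
// Added example: models the SameSite decision a browser makes before
// attaching a cookie to a request. All URLs and cookies are constructed.

// Simplified "site" = scheme + last two host labels (assumption; real
// browsers use the Public Suffix List to find the registrable domain).
function site(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// req: { url, method, initiator (page that triggered the request), topLevel }
function cookieIsSent(cookie, req) {
  if (cookie.secure && new URL(req.url).protocol !== "https:") return false;
  const mode = (cookie.sameSite || "lax").toLowerCase(); // unset is treated as Lax
  if (mode === "none") return cookie.secure === true;     // None requires Secure
  if (site(req.initiator) === site(req.url)) return true; // same-site request
  if (mode === "strict") return false;                    // never sent cross-site
  // Lax: only cross-site top-level navigations that use a safe method.
  return req.topLevel && ["GET", "HEAD"].includes(req.method.toUpperCase());
}

const SHOP_RETURN = "https://shop.example/checkout/return.cfm"; // constructed
const ACS_PAGE = "https://acs.bank.example/3ds/challenge";      // constructed

// Which ColdFusion session cookies arrive when the 3D Secure page sends the
// user back to the shop with the given HTTP method?
function cookiesOnReturn(sameSite, secure, method) {
  const req = { url: SHOP_RETURN, method, initiator: ACS_PAGE, topLevel: true };
  return ["CFID", "CFTOKEN", "JSESSIONID"].filter((name) =>
    cookieIsSent({ name, sameSite, secure }, req)
  );
}

// Print the matrix for the combinations discussed in the comments.
for (const [sameSite, secure] of [["Strict", true], ["Lax", true],
                                  ["None", true], ["None", false]]) {
  for (const method of ["GET", "POST"]) {
    const sent = cookiesOnReturn(sameSite, secure, method);
    console.log(`SameSite=${sameSite} Secure=${secure} ${method} return ->`,
                sent.length ? sent.join(", ") : "no session cookies sent");
  }
}
```

Under these rules, a return that arrives as a cross-site POST carries the session cookies only when they are set with `SameSite=None; Secure`.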

0 Answers