
Is it possible to have session/cookies if the request comes from a different origin?

I am using a payment API. When I click on pay, it opens a new page in the browser, I do the payment on their platform, and then the user is redirected back to my website using a POST request. However, even if he was logged in when he quit my website, when he gets redirected back to my website and the origin is the payment platform, my user doesn’t seem to still be logged in. He isn’t logged out though, it’s

Is there a way to keep the session active even when the origin is not the current website? So, I am on domain A, I click on a link to get the payment on domain B and when the payment is done, I’m redirected to domain A with my authentication (session).

Thanks a lot!


Answer

It’s an issue with the SameSite cookie configuration, mainly observed on Chrome. You could try SameSite=None with the Secure flag; change this in the session configuration file. Also make sure you use HTTPS.

User contributions licensed under: CC BY-SA
6 People found this is helpful
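
The following is an added example, not part of the original question or answer: a simplified model of the browser's SameSite decision, applied to the cross-site POST that returns the user from the payment platform. The cookie name, value and the `isCookieSent` helper are constructed for illustration.

```javascript
// Simplified model of a browser's SameSite check (illustrative, not a full RFC 6265bis implementation).
// Chrome's temporary two-minute allowance for attribute-less cookies on POST is not modelled.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Decides whether the browser attaches the cookie to a request.
// req: { crossSite, topLevelNavigation, method, https }
function isCookieSent(setCookieHeader, req) {
  const c = parseSetCookie(setCookieHeader);
  if (c.secure && !req.https) return { sent: false, reason: "Secure cookie on plain HTTP" };
  // Modern browsers treat a missing SameSite attribute as Lax.
  const mode = c.sameSite || "lax";
  if (mode === "none") {
    // SameSite=None is rejected when the cookie is set unless Secure is present.
    return c.secure
      ? { sent: true, reason: "SameSite=None; Secure" }
      : { sent: false, reason: "SameSite=None without Secure is rejected" };
  }
  if (!req.crossSite) return { sent: true, reason: "same-site request" };
  if (mode === "strict") return { sent: false, reason: "Strict blocks all cross-site requests" };
  // Lax: only top-level navigations with a safe method carry the cookie.
  const safe = ["GET", "HEAD", "OPTIONS", "TRACE"].includes(req.method.toUpperCase());
  return req.topLevelNavigation && safe
    ? { sent: true, reason: "Lax allows cross-site top-level " + req.method }
    : { sent: false, reason: "Lax blocks cross-site " + req.method };
}

// Constructed sample: the payment platform (domain B) POSTs the user back to domain A.
const paymentReturn = { crossSite: true, topLevelNavigation: true, method: "POST", https: true };
const headers = [
  "session=abc123; Path=/; HttpOnly",                        // no SameSite attribute
  "session=abc123; Path=/; HttpOnly; SameSite=Lax",
  "session=abc123; Path=/; HttpOnly; SameSite=None",         // missing Secure
  "session=abc123; Path=/; HttpOnly; Secure; SameSite=None", // the answer's suggestion
];
for (const h of headers) {
  const r = isCookieSent(h, paymentReturn);
  console.log(`${r.sent ? "SENT   " : "DROPPED"} ${h}  (${r.reason})`);
}
```

With `SameSite=None` the session cookie accompanies cross-site requests from any site, not only the payment platform, so state-changing endpoints on domain A need their own CSRF protection such as per-request tokens.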