I am using a payment API. When I click on pay, it opens a new page in the browser, I do the payment on their platform and then, the user is redirected back to my website using a POST request. However, even if he was logged in when he quit my website, when he gets redirected back to my website and the origin is the payment platform, my user doesn’t seem to still be logged in. He isn’t logged out though, it’s
Is there a way to keep the session active even when the origin is not the current website? So, I am on domain A, I click on a link to get the payment on domain B and when the payment is done, I’m redirected to domain A with my authentication (session).
Thanks a lot!
Answer
It’s an issue with the same-site cookie configuration, mainly observed on Chrome. You could try with SameSite=none with the Secure flag; change this in the session configuration file. Also make sure you use HTTPS.
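An added example, not part of the original answer: a simplified JavaScript model of the browser's SameSite decision, showing why the session cookie is missing on the payment platform's cross-site POST back and why SameSite=None with Secure changes that. The cookie name `sid` and the shape of the request object are assumptions made for illustration.

```javascript
// Simplified model of how a browser decides whether to attach a cookie,
// following the SameSite rules (an unset attribute is treated as Lax, as in
// current Chrome). Ignores Domain/Path matching, expiry and Chrome's
// short-lived "Lax + POST" exception for freshly set cookies.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   secure: false, sameSite: 'lax' };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') {
      const val = v.trim().toLowerCase();
      // Unknown values fall back to the default (Lax) enforcement.
      cookie.sameSite = ['strict', 'lax', 'none'].includes(val) ? val : 'lax';
    }
  }
  return cookie;
}

// request: { method, crossSite, topLevelNavigation, https }
function wouldSendCookie(setCookieHeader, request) {
  const c = parseSetCookie(setCookieHeader);
  if (c.sameSite === 'none' && !c.secure) return false; // rejected when set
  if (c.secure && !request.https) return false;         // Secure needs HTTPS
  if (!request.crossSite) return true;                  // same-site: always sent
  if (c.sameSite === 'none') return true;
  if (c.sameSite === 'strict') return false;
  // Lax: cross-site only on top-level navigations with a safe method.
  const safe = ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(request.method);
  return request.topLevelNavigation && safe;
}

// Constructed sample: the payment platform (domain B) POSTs the user back to domain A.
const paymentReturn = { method: 'POST', crossSite: true,
                        topLevelNavigation: true, https: true };

console.log(wouldSendCookie('sid=abc; HttpOnly', paymentReturn));
console.log(wouldSendCookie('sid=abc; SameSite=None; Secure', paymentReturn));
```

With SameSite=None the cookie no longer restricts cross-site requests, so state-changing endpoints need their own CSRF protection, such as per-request tokens.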