This article provides a solution and a workaround for an issue where customers get logged out or lose items from the shopping cart on the storefront after being redirected back to the Magento store from a payment or other third-party service (the session cookie "gets lost").
Affected products and versions
Steps to reproduce:
- Customer adds products to cart on storefront and proceeds to checkout.
- Customer is redirected to the third-party site for payment/shipping or other information/service.
- Customer is redirected back to Magento.
Actual result: Customer is redirected to an empty shopping cart or a blank page.
Expected result: Customer is redirected to a success payment page (or other success page), without losing the checkout data and progress.
The SameSite cookie attribute is set to Lax or not specified (which is treated as set to Lax). Having SameSite = Lax disables transferring a cookie to external URLs via
To solve the issue, contact the third-party service provider and request that their developers update their integrations to configure cookie parameters.
To make your integration work while developers of the third-party service provider resolve the issue, you can set the SameSite value to None.
This can be done by configuring headers in Nginx or configuring this parameter via HTTP headers.
Magento does not recommend such modifications, because it might cause security issues and/or break PCI compliance. Magento recommends contacting the third-party developer who provides your payment platform and requesting changes to cookie settings configuration.
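A check for the cookie behaviour described above, as an added example that is not Magento's code: it parses Set-Cookie header values and reports whether the cookie would still be sent when a third party POSTs the customer back to the store, and flags SameSite=None set without Secure. The function names and the sample headers are assumptions constructed for illustration.

```python
# Added example (not Magento code): audit Set-Cookie headers for SameSite handling.

def parse_set_cookie(header):
    """Return (cookie name, {lower-cased attribute: value}) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Classify how a browser treats the cookie when a third party POSTs the customer back."""
    name, attrs = parse_set_cookie(header)
    raw = attrs.get("samesite", "").lower()
    # A missing or unrecognised SameSite value is handled as Lax by current browsers.
    effective = raw if raw in ("strict", "lax", "none") else "lax"
    secure = "secure" in attrs
    findings = []
    if effective != "none":
        findings.append("not sent on a cross-site POST: session looks lost after the redirect")
    elif not secure:
        findings.append("SameSite=None without Secure: current browsers reject the cookie")
    else:
        findings.append("sent on every cross-site request: CSRF defences must not rely on SameSite")
    if "httponly" not in attrs:
        findings.append("HttpOnly missing: cookie readable from page scripts")
    return {
        "name": name,
        "effective_samesite": effective,
        "survives_cross_site_post": effective == "none" and secure,
        "findings": findings,
    }


# Constructed sample headers (values are placeholders, not captured traffic).
SAMPLES = [
    "PHPSESSID=placeholder; path=/; secure; HttpOnly",
    "PHPSESSID=placeholder; path=/; secure; HttpOnly; SameSite=Lax",
    "PHPSESSID=placeholder; path=/; HttpOnly; SameSite=None",
    "PHPSESSID=placeholder; path=/; secure; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_cookie(sample)
        print(result["effective_samesite"], result["survives_cross_site_post"], result["findings"])
```

Run it against the Set-Cookie headers your storefront actually returns; only the last sample form survives the cross-site return, and it does so by giving up the protection SameSite=Lax provided.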