New requirements for web browser cookies
If your merchant website handles user status by means of a session cookie, your website is subject to the new cookie security policies and is impacted when you return to our payment page.
Indeed, the new measures specified by the IETF (Internet Engineering Task Force ), in particular measure 6265bis , mean that web browsers now block the issuing of third-party cookies (cookies added by your site) for the sending of our manual response in HTTP POST mode.
You need to upgrade your session cookie by explicitly adding the “SameSite=None; Secure” attributes during the cookie creation process.
The relevant interfaces are as follows:
- Office Server 2.0 (3-D Secure + means of payment with pages hosted on a non-Sips external server, for instance PayPal)
- Office Server 1.0 (3-D Secure)
- Payment 1.0
- Subscription 1.0
Otherwise, you are likely to lose the user session and you will not be able to display the payment result to them (which leads to returning to the login page, displaying an error page, etc., depending on your implementation).