Session information is getting destroyed after payment gateway posting

I am having a strange issue in one of my website. The session is getting destroyed (not everytime, randomly) when a callback is received from a payment gateway. Following is my code located at .../views/default/resources/payments/cancel.php 

Any idea why this is happening? As a temporary fix, i added a login check to forward the user accordingly, but that's not the right solution.

    $guid = elgg_extract('guid'$varsnull);  
        $error['failed_step'] = "rp_payment_canceled";
        $error['failure_message'] = "payment:cancelled";    
        $error['failed_time'] = time();
        $forwardURL = elgg_call(ELGG_IGNORE_ACCESS, function() use ($guid, $error) {
            $entity = get_entity($guid);
            $entity->payment_error = json_encode($error);
            $container = $entity->getContainerEntity();
                $url = $container->getURL();
            return $url ?? elgg_get_site_url();
  • You are saying your session is 'destroyed'. I think you should investigate if this is truly the case. You need to confirm if your session cookie is still available. If so, could there be a reason that the session is 'removed'? Sessions (and also the session cookie) have a limited lifetime. 

    There might also be another reason that the session is 'reset'. You can check that by looking at the identifier in the session cookie. If that changes, something reset the session. This normally only happens when a user logs in/out.

    Be aware that session data is not copied from a logged out user to a logged in user. So if you have done something in your session as a logged out user and that user logs in, he/she loses the session data (as a new session is generated on login). If you need logged out user session data transferred to the logged in user, you need to copy this somewhere in your code.

  • Hi Jeroen,

    This is not a login / logout issue. This is exactly how it happens

    1. User logs in to elgg website (normal user login)
    2. Logged in user clicking on the "Proceed to payment" button (within elgg site)
    3. This will submit the form to the payment gateway website, with a hidden callback url parameter (which is a url in elgg website)
    4. Once payment is processed / cancelled, payment gateway sends the userback to the callback url (in the same browser); but randomly the users cookie is getting changed and user is now logged out of the system.

    This is the exact problem they mentioned in the stackexchange webmaster link. Is this related with the same-site issue?