SameSite attribute for Cookies / Hosted Pay page solution ?

Our website doesn't set cookies, and no magic have we found to enable or mitigate this through our site by enabling this behaviour on our site.

The problem is that no Chromium based browsers are working, this behaviour to drop cookies that are not set with "secure and Samesite=None" has been adopted across the board. All customers are met with is a gloriuos "array" message on a blank page.


I am pretty sure this is the same issue: does not set these attributes for its cookies as of today, how come?

Tech support and developement has been silent on this and no mention or updates for anything on how to mitigate this! Not sure if it is our problem to fix especially given the fact that these features were enabled on our site and it still will not work in a Chromium based Browser.

  • Yes, I am also facing the same issue. Moneris Payment Redirection works perfectly on Firefox. But in chrome, this does not work and the session is lost.
  • In reply to realariful:

    This one is not as it seems, you probably have a referring site entered in the security settings in your hosted paypage setup. Not sure what Chrome is doing differently, I beleive they are stripping the http and slashes only leaving the base host like "". You remove the site urls entered and it will work for Chrome and Chromium based browsers. I hope you have Data preload and image Re-captcha Version 2 or 3 on your site, that right there should be enough to deter card testing. I have also installed a honeypot on the site as well.
  • In reply to tleadley:

    tleadley's suggestion worked for me. I thought I had to set the cookies to have SameSite=None. But I just removed all the referring site entries and that allowed the Chrome browser to work again.
  • In reply to RoyScarisbrick:

    We don't have any referring site entries, but still it is not working in chrome. When I disable the "reduced-referrer-granularity" flag in chrome the page works fine. Any idea how to resolve this please