PayPal PayFlow Hosted Same Site Session Error

Recent changes to Chrome have meant that the PayPal PayFlow Hosted version no longer works on many osCommerce sites. This is due to how browser sessions are handled.

While it looks like the hosted payment is done on the same site, the code is actually an iframe, which means the payment is being processed on the PayPal site. Chrome does not recognize this as same-site in terms of sessions. After payment, the customer session is lost and the customer is asked to log in again. They log in and repeat checkout, causing multiple payments to be made. Not unnaturally, they are annoyed.
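The following is an added example, not code from osCommerce or PayPal: a simplified JavaScript model of Chrome's SameSite rules showing why the session cookie is withheld when the PayPal iframe sends the customer back to the shop. The hostnames, the cookie name `sid` and all function names are constructed for illustration.

```javascript
// Simplified model of Chrome's SameSite cookie rules (illustrative only).
// Effective SameSite mode; null means the browser rejects the cookie outright.
function effectiveSameSite(cookie) {
  const mode = (cookie.sameSite || "Lax").toLowerCase(); // no attribute => treated as Lax
  if (mode === "none" && !cookie.secure) return null;    // SameSite=None requires Secure
  return mode;
}

// Classify a request before cookies are attached. For a top-level navigation,
// topLevelSite is the site being navigated to.
function requestContext(req) {
  const firstParty = req.topLevelSite === req.targetSite;
  const sameInitiator = req.initiatorSite === null || req.initiatorSite === req.targetSite;
  if (firstParty && sameInitiator) return "same-site";
  const safeMethod = ["GET", "HEAD"].includes(req.method);
  if (firstParty && req.topLevelNavigation && safeMethod) return "cross-site-safe-navigation";
  return "cross-site";
}

function cookieIsSent(cookie, req) {
  const mode = effectiveSameSite(cookie);
  if (mode === null) return false;
  const ctx = requestContext(req);
  if (ctx === "same-site" || mode === "none") return true;
  return mode === "lax" && ctx === "cross-site-safe-navigation";
}

// Constructed sample data.
const SHOP = "shop.example", PROCESSOR = "payments.example";
const legacySession = { name: "sid", secure: true };  // no SameSite attribute
const strictSession = { name: "sid", secure: true, sameSite: "Strict" };
const noneSecure    = { name: "sid", secure: true, sameSite: "None" };
const noneInsecure  = { name: "sid", secure: false, sameSite: "None" };

// Payment page inside the iframe posts the result back to the shop.
const iframeReturn = { targetSite: SHOP, topLevelSite: SHOP, initiatorSite: PROCESSOR,
                       topLevelNavigation: false, method: "POST" };
// Ordinary click within the shop.
const shopClick = { targetSite: SHOP, topLevelSite: SHOP, initiatorSite: SHOP,
                    topLevelNavigation: true, method: "GET" };
// Full-page link from the processor back to the shop.
const topLevelGet = { targetSite: SHOP, topLevelSite: SHOP, initiatorSite: PROCESSOR,
                      topLevelNavigation: true, method: "GET" };

console.log("iframe return, legacy cookie sent:", cookieIsSent(legacySession, iframeReturn));
console.log("shop click, legacy cookie sent:", cookieIsSent(legacySession, shopClick));
```

The model leaves out domain and path matching, cookie expiry and redirect chains; it covers only the SameSite decision.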

We were not able to find a patch that worked around this issue. If you wish to research it, this link might help.

The best fix is to move away from the Hosted version and use the Direct version to avoid this issue on Chrome.