[ic] How can I construct a full URL

Cameron B. Prince cameron@akopia.com
Sat, 28 Oct 2000 01:17:30 -0500

To create a url for passing the session, you'd append it to the url like:


So you could pass the session id to pocket pass with [data session id]. The
url they redirected to would need this appended on the url as above. You
could possibly pass the amount back as well and setup Interchange so that it
does a compare of the amount to the order total for that particular session,
and error out if they are different.

My question is where do you plan to submit the post that refers to

If you post to pocketpass vs. interchange on the checkout page, you will
loose any new or updated values.

If you do it on Interchange's receipt page, after the sale, you will have to
rely on the honesty of the users. They may have the possibility of mimicking
a proper hit to the success page and even passing the proper url back to
Interchange, bypassing pocketpass. This is if you have something reading
their return and marking the orders paid.

This may not be an issue if pocketpass has the ability to send a
notification email. I mean you would know not to complete an order if you
didn't get an email from Interchange and Pocketpass.

Also, what if pocketpass denies them? Then the sale would be stored and
marked as a pending order in Interchange. I guess the failpage could remove
the order and decrement the counter.

The security is all that concerns me with this. I mean you will be putting a
lot of dependance on the arguments passed back in the url... Example, user
is just messing around and he gets the fail page. What if he changes the
session id in the url to another active session and refreshes?

Let us know how it goes,



-----Original Message-----
From: interchange-users-admin@minivend.com
[mailto:interchange-users-admin@minivend.com]On Behalf Of Khai Doan
Sent: Friday, October 27, 2000 7:01 PM
To: interchange-users@minivend.com
Subject: [ic] How can I construct a full URL

Hi Cameron,

What I am trying to do is to construct a full URL for the success/failure
pages with sessionid embedded, and pass on to Pocketpass payment CGI
script.  Pocketpass payment CGI can redirect to success/fail page upon
successful/fail authorization from the customer.  If the customer is
redirected to a success page, then I need to save his order, and print the
receipt.  If he is redirected to a failure page, then I need to allow him
to choose different payment options.  Within the success page, I might have
to understand parameters that are pass back by the Pocketpass CGI.

Any hints on how I can accomplish all these?

(As I understand, Interchange can support visitors that have cookie
DISABLED browser, by constructing a full URL.  How do I construct a full
URL before hand?).


Interchange-users mailing list