[ic] Problem Maintaining Session

Wed May 1 13:00:01 2002

Problem: Accessing session data after an offsite transaction approval.

This has been discussed frequently on the list but after hours of searching for a definitive answer,
I have not found one yet.

I'm running IC 4.8.3 on an Ensim "powered" private server.
Red Hat Linux release 6.0 (Hedwig)
Perl 5.00503
Memory handicapped, but this is just a staging server.

The development store (demo) based on the foundation catalog is working perfectly.
I'm trying to implement a transaction clearing mechanism with our Canadian company "InternetSecure"
(mentioned a few times on the list as well but no one seems to have done this one successfully).
"IntenetSecure" is in essence a "Master Merchant" whith whom we have an account and are processing
transactions from other stores succesfully at this time. None of these stores are based on IC.

Similar to PayPal and others, we pass some required merchant and store variables along with cart
contents and shipping costs via product strings to InternetSecure, which then captures the credit
card information, calculates applicable taxes and does the authorization.
We then have them fire back an approval string with their "post approval script" (on approved
transactions only) with all the pertinent data.

We are attempting to process and complete the order with a special page "postapproval.html" which
essentially duplicates the functions of log_transaction, mail_receipt, report etc.

So far so good, we have all this working.

Here is where I get stumped:

Passing back the session id to a page which would then log the order and fire off the necessary
e-mails, is not working. A new session is always generated, hence we don't have the "old" session
data available. I have tried various suggested approaches.
Sending back the the session id in the IC format
http://serverurl/catalog/ord/postapproval?id=nnnnnnnn&etc&etc...:

id appears to get ignored or stripped; [cgi id], [value id] are blank; [data session id] shows a new
session.

Sending the session id to the processor and back as sessionvar=[data session id] works; [cgi
sessionvar] shows the proper session id.

Using another suggested approach (courtesy MH) in conjunction with the above of setting up "Variable
MV_SESSION_ID sessionvar" in the catalog.cfg still gets me nowhere.

If I plug the postapproval URL directly into a browser while I still have a window open with my cart
(http or https) works as expected and does the required post approval processing. Doing the same
with a different browser does not,
Cookies seem to make this work and having the store run in secure mode also seems to help.

Any ideea as to how to make this work?
Failing which, how can I get at the session values for a specific session.

If worst comes to worst, and this is sure as heck not very elegant, I can pass all the required
session variables, user data, etc. to InternetSecure and back but they won't guarantee to pass back
any more then their own variables (in reality I have found that everything comes back fine limited
only by the length of the URL string).

Any help greatly appreciated as I'm drawing a blank at this time.
(I'm also not a programmer, so bear with me if I missed some ovious stuff).

Bruno Cantieni

###########################################
Bruno Cantieni
Digital Landscape - Cyboretum.com
Web Applications * Web Hosting * e-Commerce
http://www.digi-land.com
http://www.cyboretum.com
bruno@digi-land.com
Phone/Fax: 905.668.2255