[ic] Problem Maintaining Session

Ed LaFrance interchange-users@interchange.redhat.com
Wed May 1 16:37:01 2002


At 01:07 PM 05/01/2002 -0400, you wrote:
>Problem: Accessing session data after an offsite transaction approval.
>
>This has been discussed frequently on the list but after hours of 
>searching for a definitive answer,
>I have not found one yet.
>
>I'm running IC 4.8.3 on an Ensim "powered" private server.
>Red Hat Linux release 6.0 (Hedwig)
>Perl 5.00503
>Memory handicapped, but this is just a staging server.
>
>The development store (demo) based on the foundation catalog is working 
>perfectly.
>I'm trying to implement a transaction clearing mechanism with our Canadian 
>company "InternetSecure"
>(mentioned a few times on the list as well but no one seems to have done 
>this one successfully).
>"IntenetSecure" is in essence a "Master Merchant" whith whom we have an 
>account and are processing
>transactions from other stores succesfully at this time. None of these 
>stores are based on IC.
>
>Similar to PayPal and others, we pass some required merchant and store 
>variables along with cart
>contents and shipping costs via product strings to InternetSecure, which 
>then captures the credit
>card information, calculates applicable taxes and does the authorization.
>We then have them fire back an approval string with their "post approval 
>script" (on approved
>transactions only) with all the pertinent data.
>
>We are attempting to process and complete the order with a special page 
>"postapproval.html" which
>essentially duplicates the functions of log_transaction, mail_receipt, 
>report etc.
>
>
>So far so good, we have all this working.
>
>Here is where I get stumped:
>
>Passing back the session id to a page which would then log the order and 
>fire off the necessary
>e-mails, is not working. A new session is always generated, hence we don't 
>have the "old" session
>data available. I have tried various suggested approaches.
>Sending back the the session id in the IC format
>http://serverurl/catalog/ord/postapproval?id=nnnnnnnn&etc&etc...:
>
>id appears to get ignored or stripped; [cgi id], [value id] are blank; 
>[data session id] shows a new
>session.
>
>Sending the session id to the processor and back as sessionvar=[data 
>session id] works; [cgi
>sessionvar] shows the proper session id.
>
>Using another suggested approach (courtesy MH) in conjunction with the 
>above of setting up "Variable
>MV_SESSION_ID sessionvar" in the catalog.cfg still gets me nowhere.
>
>If I plug the postapproval URL directly into a browser while I still have 
>a window open with my cart
>(http or https) works as expected and does the required post approval 
>processing. Doing the same
>with a different browser does not,
>Cookies seem to make this work and having the store run in secure mode 
>also seems to help.
>
>Any ideea as to how to make this work?

Calling a return URL to your store which contains a valid session ID string 
should work - I have written implementations which do this without fail. 
Something else is going on; perhaps the return  URL is being munged 
somehow; or perhaps IC refuses to recognize id=nnnnnnnn on a cookie-enbaled 
browser. Try building your return url as a form instead of a regular link, 
i.e.:

[seti return_url][area form="
                                 mv_todo=return
                                 mv_nextpage=ord/postapproval
                                 extra_var1=some_data
                                 extra_var2=more_data
"][/seti]

Then send [scratch return_url] to your payment processor with the other 
data. The session ID will be included automatically and should be 
recognized by IC on the return (and invoke-able with [data session id]).

- Ed L.




>Failing which, how can I get at the session values for a specific session.
>
>If worst comes to worst, and this is sure as heck not very elegant, I can 
>pass all the required
>session variables, user data, etc. to InternetSecure and back but they 
>won't guarantee to pass back
>any more then their own variables (in reality I have found that everything 
>comes back fine limited
>only by the length of the URL string).
>
>Any help greatly appreciated as I'm drawing a blank at this time.
>(I'm also not a programmer, so bear with me if I missed some ovious stuff).
>
>
>Bruno Cantieni
>
>
>###########################################
>Bruno Cantieni
>Digital Landscape - Cyboretum.com
>Web Applications * Web Hosting * e-Commerce
>http://www.digi-land.com
>http://www.cyboretum.com
>bruno@digi-land.com
>Phone/Fax: 905.668.2255
>
>
>
>
>
>
>
>_______________________________________________
>interchange-users mailing list
>interchange-users@interchange.redhat.com
>http://interchange.redhat.com/mailman/listinfo/interchange-users

===============================================================
New Media E.M.S.               Software Solutions for Business
463 Main St., Suite D          eCommerce | Consulting | Hosting
Placerville, CA  95667         edl@newmediaems.com
(530) 622-9421                 http://www.newmediaems.com
(866) 519-4680 Toll-Free       (530) 622-9426 Fax
===============================================================