
osCommerce

The e-commerce.

checkout hack prevention


Anna

Posted

Hello all

 

I don't think this question is too difficult if you know the shopping cart, checkout & sessions well (i.e. much better than me!)....

 

Instead of collecting credit card numbers I call a PSP from checkout_confirmation.

On successful payment the PSP calls a modified (but recognisable!) checkout_process.php on my server. This checkout_process has something very similar to the usual:

 

// avoid hack attempts during the checkout procedure by checking the internal cartID
if (isset($cart->cartID) && tep_session_is_registered('cartID')) {
  if ($cart->cartID != $cartID) {
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
  }
}

which successfully catches hacking attempts to modify the cart contents while at the PSP pages.

 

My problem is that I cannot currently detect modification of the delivery address while at the PSP pages.

 

I have tried tracing $cart->cartID & $cartID during the checkout pages but they seem empty :blink:, up until checkout_process where $cart->cartID is set IF there was a hack attempt (i.e. it is set successfully by the shopping cart functions), while $cartID seems to be set but is empty.

I don't lose the cart contents or other aspects of the session.

 

I have sessions in MySQL &:

Force Cookie Use True

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session False

I tried setting Recreate Session to true but that didn't seem to fix it.

 

Been fighting with this too long. Can someone with a bigger brain please help?!

Anna
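
One way to detect the kind of change described in the post above, as an added example that is not part of the original post and not osCommerce code: fingerprint the cart contents, the delivery address fields and the order total before redirecting to the PSP, then recompute and compare when the PSP calls back. All function names, array keys and the secret value are hypothetical, and the sample order data is constructed.

```php
<?php
// Added example, not osCommerce code. Function names, array keys and the
// secret are hypothetical; the sample order data is constructed.

// Canonical form of everything that must stay fixed while the customer is at the PSP.
function order_snapshot(array $items, array $address, string $total): string
{
    ksort($items);    // product id => quantity, independent of insertion order
    ksort($address);  // the address fields themselves, not only the address book id
    return json_encode(['items' => $items, 'address' => $address, 'total' => $total]);
}

// Keyed hash, so the value can also travel through the PSP as an opaque field.
function order_fingerprint(string $snapshot, string $secret): string
{
    return hash_hmac('sha256', $snapshot, $secret);
}

// Constant-time comparison of the stored fingerprint with the current order state.
function order_unchanged(string $stored, string $snapshot, string $secret): bool
{
    return hash_equals($stored, order_fingerprint($snapshot, $secret));
}

$secret  = 'placeholder-server-side-secret';
$items   = [28 => 1, 12 => 2];
$address = ['street' => '1 Example Road', 'city' => 'Exampleton',
            'postcode' => 'EX1 2MP', 'country' => 'GB'];
$total   = '149.98';

// Before redirecting to the PSP: compute and store the fingerprint.
$stored = order_fingerprint(order_snapshot($items, $address, $total), $secret);

// On the PSP callback: rebuild the snapshot from the current data and compare.
var_dump(order_unchanged($stored, order_snapshot($items, $address, $total), $secret));

// Delivery address edited while at the PSP: cart and total are the same, check fails.
$edited = ['street' => '99 Other Street'] + $address;
var_dump(order_unchanged($stored, order_snapshot($items, $edited, $total), $secret));

// Same items added in a different order: still matches because keys are sorted.
var_dump(order_unchanged($stored, order_snapshot([12 => 2, 28 => 1], $address, $total), $secret));
```

The snapshot has to be rebuilt from the stored address fields at callback time, since hashing only an address book id would not notice an edit to the entry behind that id.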

Archived

This topic is now archived and is closed to further replies.
