Loosing Customer Session Data after credit card transaction.

[greenf7sp]

Good morning. First off I would like to say that I really don’t post much but the OSCommerce forums have really been VERY helpful to me so I am hoping someone will be able to point me in the correct direction.

 

I have a pretty much out of the box osCommerce 2.2-MS2 installation. Other than some graphic changes, I really haven’t modified the code at all. The problem I am having is that I am implemented a certain CC processor (goEmerchant) and after the user enteres his/her CC data after confirming their order, it sends the data to the processor like it should, but then when the user is automatically sent back to my www.mysite.com/products2/checkout_process.php file to do the order processing, they have to login and the order data is not processed like it needs to be. I log back in, and the data is still in the cart. I have narrowed down what is happening, but I don’t know how to fix. The customers session data is not being sent back or something. The very first conditional of the checkout_process.php file re-directs the user back to the login page because it cannot recognize their session.

 

Now, the CC data is properly being sent and processed to the processor (goEmerchant) because I can login and see test data as well as CC data. I can even settle the transactions if I want, so I know that part is working.

 

Here are the parameters that are being passed to my processor:

 

<form name="checkout_confirmation" action="https://secure.goemerchant.com/secure/gateway/direct.aspx" method="post">

<input type="hidden" name="Merchant" value="12345">

<input type="hidden" name="Cardnum1" value="4111">

<input type="hidden" name="Cardnum2" value="1111">

<input type="hidden" name="Cardnum3" value="1111">

<input type="hidden" name="Cardnum4" value="1111">

<input type="hidden" name="Operation_type" value="auth">

<input type="hidden" name="Cardname" value="Visa">

<input type="hidden" name="CardexpM" value="07">

<input type="hidden" name="CardexpY" value="07">

<input type="hidden" name="total" value="19.99">

<input type="hidden" name="OrderID" value="bmp031007469">

<input type="hidden" name="URL" value="http://www.mysite.com/products2/checkout_process.php">

<input type="hidden" name="NameonCard" value="John Doe">

<input type="hidden" name="Cardstreet" value="123 Anywhere Street">

<input type="hidden" name="Cardcity" value="Chicago">

<input type="hidden" name="Cardstate" value="Illinois">

<input type="hidden" name="Cardzip" value="60111">

<input type="hidden" name="Customer ID" value="2">

<input type="hidden" name="Cardcountry" value="United States">

<input type="hidden" name="x_fp_sequence" value="642">

<input type="hidden" name="x_fp_timestamp" value="1173534838">

<input type="hidden" name="x_fp_hash" value="66565c3cc92fadd4705846746000587f">

<input type="hidden" name="osCsid" value="8b1901204499fa84a6d95d7944958169">

<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order ">

</form>

 

Please point me in the right direction. I have used other processors before and have never had this problem of getting the store to recognize the session after the CC data.

 

Thanks in advance,

Nick

[Guest]

Good morning. First off I would like to say that I really don’t post much but the OSCommerce forums have really been VERY helpful to me so I am hoping someone will be able to point me in the correct direction.

 

I have a pretty much out of the box osCommerce 2.2-MS2 installation. Other than some graphic changes, I really haven’t modified the code at all. The problem I am having is that I am implemented a certain CC processor (goEmerchant) and after the user enteres his/her CC data after confirming their order, it sends the data to the processor like it should, but then when the user is automatically sent back to my www.mysite.com/products2/checkout_process.php file to do the order processing, they have to login and the order data is not processed like it needs to be. I log back in, and the data is still in the cart. I have narrowed down what is happening, but I don’t know how to fix. The customers session data is not being sent back or something. The very first conditional of the checkout_process.php file re-directs the user back to the login page because it cannot recognize their session.

 

Now, the CC data is properly being sent and processed to the processor (goEmerchant) because I can login and see test data as well as CC data. I can even settle the transactions if I want, so I know that part is working.

 

Here are the parameters that are being passed to my processor:

 

<form name="checkout_confirmation" action="https://secure.goemerchant.com/secure/gateway/direct.aspx" method="post">

<input type="hidden" name="Merchant" value="12345">

<input type="hidden" name="Cardnum1" value="4111">

<input type="hidden" name="Cardnum2" value="1111">

<input type="hidden" name="Cardnum3" value="1111">

<input type="hidden" name="Cardnum4" value="1111">

<input type="hidden" name="Operation_type" value="auth">

<input type="hidden" name="Cardname" value="Visa">

<input type="hidden" name="CardexpM" value="07">

<input type="hidden" name="CardexpY" value="07">

<input type="hidden" name="total" value="19.99">

<input type="hidden" name="OrderID" value="bmp031007469">

<input type="hidden" name="URL" value="http://www.mysite.com/products2/checkout_process.php">

<input type="hidden" name="NameonCard" value="John Doe">

<input type="hidden" name="Cardstreet" value="123 Anywhere Street">

<input type="hidden" name="Cardcity" value="Chicago">

<input type="hidden" name="Cardstate" value="Illinois">

<input type="hidden" name="Cardzip" value="60111">

<input type="hidden" name="Customer ID" value="2">

<input type="hidden" name="Cardcountry" value="United States">

<input type="hidden" name="x_fp_sequence" value="642">

<input type="hidden" name="x_fp_timestamp" value="1173534838">

<input type="hidden" name="x_fp_hash" value="66565c3cc92fadd4705846746000587f">

<input type="hidden" name="osCsid" value="8b1901204499fa84a6d95d7944958169">

<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order ">

</form>

 

Please point me in the right direction. I have used other processors before and have never had this problem of getting the store to recognize the session after the CC data.

 

Thanks in advance,

Nick

In the absenxe of other ideas, why not change

value="http://www.mysite.com/products2/checkout_process.php">

to

value="https://www.mysite.com/products2/checkout_process.php">

assuming that you are using ssl.

[greenf7sp]

We currently don't have SSL but are in the process of getting the certificate. Is this what could be causing the issue? Can you not pass the same session variables from http to https back to http in the same browser window? I have wondered about this.

[Guest]

We currently don't have SSL but are in the process of getting the certificate. Is this what could be causing the issue? Can you not pass the same session variables from http to https back to http in the same browser window? I have wondered about this.

Probably not, unless goEmerchant expects you to have it. The session variables seem to be getting lost. I am not familar with goEmerchant, so I cannot help there. Their site should have details about how to implement an OSC store.

 

Personally, because you are getting personal info from a customer, I would expect that you have ssl so that my personal details are encrypted.

[greenf7sp]

That is what I was thinking too but I have searched up and down and even contacted their support about an osCommerce integration and no luck. I am 99.9% sure it is losing the session variables, but I am not as versed in the osCommerce code as others on here. I was hoping someone would be able to help me trouble shoot my problem.

 

Thanks for your help and quick responses Coopco! :thumbsup:

[Guest]

try changing:

<input type="hidden" name="URL" value="http://www.mysite.com/products2/checkout_process.php">

 

to

 

<input type="hidden" name="URL" value="<?php echo tep_href_link('http://www.mysite.com/products2/checkout_process.php',tep_session_name().'='.tep_session_id()); ?>">

so that the session variable is coded into the return link (it may appear twice but that's better than none)

 

Tom

[greenf7sp]

AWESOME! Thanks for your help! It worked perfectly and now the transactions are coming back to the store like they need to and completing the order like they should.

 

I had to modify this line in the goemerchant.php file:

 

From:

tep_draw_hidden_field('URL', tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false))

|

|

|

\/

 

To:

tep_draw_hidden_field('URL', tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false) . '?'. tep_session_name().'='.tep_session_id())

 

Again, thanks for your help!

Nick

Edited March 11, 2007 by greenf7sp

[Guest]

that line could actually be simplified a little more:

from

tep_draw_hidden_field('URL', tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false) . '?'. tep_session_name().'='.tep_session_id())

to

tep_draw_hidden_field('URL', tep_href_link(FILENAME_CHECKOUT_PROCESS, tep_session_name().'='.tep_session_id(),'SSL',false))

 

Tom

[AlexStudio]

Since the sessions worked when you add the osCsid in the url, you have your cookie domain setting wrong in includes/configure.php

 

Try to set your cookie domain to '.mysite.com' (2 dots).

 

With correct cookie domain setting, the code should work with or without session ID in the url.