Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

module: proxypay (with redirection) - lost sessions


somo

Recommended Posts

Hello all,

 

Here is an issue with a Proxypay payment module that works with redirection. Contribution can be found here: http://addons.oscommerce.com/info/4342/ ("Proxypay3 v2.0").

 

The way the module works is that after the transaction is completed at the merchant's side, the customer should be redirected to an OK (or NOTOK) page, back in my osc catalog. Instead of that, customer gets logged out of the shop and the shop's index page appears. When he logs in again, the products are still in the cart, there is no email notification sent etc, the transaction appears nowhere.

 

When a user checks out, the transaction works fine in the merchant side. The transactions are stored in my bank account's backoffice application, can be processed, etc.

 

As to the module's nature, i'm aware i have to use cookies=on, but whenever i enable the "force cookies on" option, i can't login to the shop as a customer and the cookie_usage.php appears (i've tried to modify i.e.'s security settings but it's always there).

 

According to similar topics in this forum, it probably refers to a lost sessions issue.

The difference in this case is that i have the same problem whether i enable or disable the ssl certificate (which is a shared one and the host is LYPHA).

 

In previews topics, users faced this by using a shared ssl. In this case, the same problem appears even without the ssl option being enabled.

 

The general structure of the process is shown below :

1. customer enters the shop, session data is stored in the database.

2. customer checks out, is redirected to the proxypay bank page where enters the cc details (bank produces its own different session).

3. customer presses comfirm button, the session should be restored from the database and the transaction finalized is osc (order should be registered through checkout_proccess.php).

 

As discussed with the bank stuff, they send me back the data without their own id that is produced for their own purposes.

They also get a 200 http header, everytime time they post data back to me (and not a 302 one).

 

I don't know how to make sure that at the confirmation step (no3 above), the session id remains the same so that sessions are not dropped.

 

I've also tried all possible combinations under the sessions config environment, all to no avail.

The only standard is that i have to use "force cookies on".

I'm also aware of the various tricks used in the two configure.php files, tried many different configuration scenarios.

Issue takes place in both ie and firefox.

 

At the moment i've disabled the use of ssl.

 

My current sessions setup is as follows :

 

Session Directory /tmp

Force Cookie Use True

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session True

 

 

My current configuration is as follows :

 

- catalog/includes/configure.php

 

define('HTTP_SERVER', 'http://company.com/catalog');

define('HTTPS_SERVER', 'https://server.secureguards.com/~username/catalog');

define('ENABLE_SSL', 'false');

define('HTTP_COOKIE_DOMAIN', 'www.company.com/catalog');

define('HTTPS_COOKIE_DOMAIN', 'server.secureguards.com/~username/catalog');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

- catalog/admin/includes/configure.php

 

define('HTTP_SERVER', 'http://company.com/catalog');

define('HTTP_CATALOG_SERVER', 'http://company.com/catalog');

define('HTTPS_CATALOG_SERVER', 'https://server.secureguards.com/~username/catalog');

define('ENABLE_SSL_CATALOG', 'false');

define('DIR_FS_DOCUMENT_ROOT', '/home/username/public_html/catalog');

 

 

 

I'd appreciate any idea on this issue.

Link to comment
Share on other sites

Just an update, i've managed to pass the login problem, i still have ssl=disabled.

So, as stated before, the customer is redirected to the bank url where enters the creditcard details.

By pressing "confirm" the bank redirects the customer back on my oscommerce site, to an "OK" or "NOT_OK" page.

Now, in case of an invalid credit card, the page "NOT_OK" that he's redirected is the one shown below.

 

 

eurobank_nok.php :

 

<?php

require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/modules/payment/eurobank.php');

if(isset($_REQUEST['Var1']) && $_REQUEST['Var1'] !=''){
$osCsid = $_REQUEST['Var1'];
} else {
$tm_ref = $_REQUEST['Ref'];
$sid_query = tep_db_query("select sessionid from eurobank_data where ref='".$tm_ref."'");
while ($tm_sid = tep_db_fetch_array($sid_query)) {
$osCsid = $tm_sid['sessionid'];
}
}

$SID="osCsid=$osCsid";

$error = MODULE_PAYMENT_EUROBANK_TEXT_ERROR_GENERAL;
$payment_error_return = 'osCsid='.$osCsid.'&payment_error=eurobank&error=' . urlencode($error);

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));
?>

 

 

'Var1' is the session id that the bank receives and sends back with a $_POST

'Ref' is the merchant reference number used by the bank to identify my company.

According to the code above, the customer should be directed to the checkout_payment.php file with the following message (MODULE_PAYMENT_EUROBANK_TEXT_ERROR_GENERAL) attached on the header :

 

"Your transaction is not approved and the transaction was not completed. Please try again or use another credit card.", which is defined in "DIR_WS_LANGUAGES . $language . '/modules/payment/eurobank.php'".

 

Instead of that, the customer is again redirected to the index.php page, the only difference now is that he remains logged in and of course the item is still in the cart.

 

Does anyone know why the above code gives such an output, what is the cause of this wrong functionality?

Link to comment
Share on other sites

  • 4 months later...
Hello all,

 

Here is an issue with a Proxypay payment module that works with redirection. Contribution can be found here: http://addons.oscommerce.com/info/4342/ ("Proxypay3 v2.0").

 

The way the module works is that after the transaction is completed at the merchant's side, the customer should be redirected to an OK (or NOTOK) page, back in my osc catalog. Instead of that, customer gets logged out of the shop and the shop's index page appears. When he logs in again, the products are still in the cart, there is no email notification sent etc, the transaction appears nowhere.

 

When a user checks out, the transaction works fine in the merchant side. The transactions are stored in my bank account's backoffice application, can be processed, etc.

 

As to the module's nature, i'm aware i have to use cookies=on, but whenever i enable the "force cookies on" option, i can't login to the shop as a customer and the cookie_usage.php appears (i've tried to modify i.e.'s security settings but it's always there).

 

According to similar topics in this forum, it probably refers to a lost sessions issue.

The difference in this case is that i have the same problem whether i enable or disable the ssl certificate (which is a shared one and the host is LYPHA).

 

In previews topics, users faced this by using a shared ssl. In this case, the same problem appears even without the ssl option being enabled.

 

The general structure of the process is shown below :

1. customer enters the shop, session data is stored in the database.

2. customer checks out, is redirected to the proxypay bank page where enters the cc details (bank produces its own different session).

3. customer presses comfirm button, the session should be restored from the database and the transaction finalized is osc (order should be registered through checkout_proccess.php).

 

As discussed with the bank stuff, they send me back the data without their own id that is produced for their own purposes.

They also get a 200 http header, everytime time they post data back to me (and not a 302 one).

 

I don't know how to make sure that at the confirmation step (no3 above), the session id remains the same so that sessions are not dropped.

 

I've also tried all possible combinations under the sessions config environment, all to no avail.

The only standard is that i have to use "force cookies on".

I'm also aware of the various tricks used in the two configure.php files, tried many different configuration scenarios.

Issue takes place in both ie and firefox.

Hello,

I have got exact the same problem,

I use osCommerce v2.2 RC2. oschellas said that he have not tested the script with this version of osCommerce. So, I think that proxypay3D for Eurobank - so as it is now - just does'nt work well with osCommerce v2.2 RC2

Link to comment
Share on other sites

  • 1 year later...

Hi guys,

 

On eurobank_ok.php and eurobank_nok.php files, locate this line:

 

$tm_ref = $_REQUEST['Ref'];

and change the

'Ref'

to

'ref'

 

I had the same problem and I was trying to figure out what the heck is not working for days. Finally I found it, after I have created a logging mechanism to print messages and variables of my e-shop to a LOG file. Anyway, after the above change, I am redirecting to the CORRECT pages (and NOT index.php) which are:

 

If OK, checkout_process.php

If NOT OK, checout_payment.php

 

The problem was that the eurobank_ok and eurobank_nok pages could not get the correct Ref number returned from Proxypay on the request and therefore could not query the database correctly to retrieve the session id.

 

Hope that helps!

:D <-- happy developer

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...