Results 1 to 2 of 2
- 11-30-2010, 04:33 AM #1Member
- Join Date
- Nov 2010
- Rep Power
session suddenly gone after do online payment
Currently we have problem with our application that goes to online payment.
after do payment, the page that supposed to process after-payment thing checked no session and throw the user to login page.
functionally the process goes like this:
1. customer login, do fill in some data and amount. click 'proceed to payment'.
2. system redirect page to payment gateway system, throwing session id of the customer. and also send the after-successful-payment url.
3. customer fill in payment information and click 'submit' on the payment gateway page.
4. system redirect back to the original system, send notification (to make sure the original system still alive) and sending the passed session id.
5. original system will check the session id., proceess it, and send notification to payment gateway that the system still alive.
6. payment gateway receive the notification, do deduction, and resent the last information that the money has deducted.
7. original system check whether the session still alive, process the url and session id given from payment gateway and do another process (like generating the receipt, etc).
however, the last step in step 7, original system (our application) 'sometimes' check that the session already changed (it's printed out in log 4 j). therefore throw the customer to login page, asked for login again.
it's only happen in 1-2 customer local PC.
any idea what setting to be checked?
i have tried:
- change browser from IE to firefox.
- clean up temporary files.
- clean up jre temporary files.
nothing fix the problem. dunno whether the problem in the application or customer's local pc.
- 12-03-2010, 10:36 PM #2Member
- Join Date
- Dec 2010
- Rep Power
I will recommend not to use session id as the link between two systems. Session object is controlled by the application server sandbox and for any reasons if the browser send a new request (like a timeout) server will not recognize the session id and tell you that session has been killed.
I will recommend that you generate a unique Id (use GUID class) to get a 32-bit number and send that to the payment gateway. also, in your system store that guid in a persistent map (not in session) like a application cache and validate if this object is still active. if you do so, the step 7 will check against the object id and handle things clearly.
Also, if you use cache, you can still define timeouts (cache objects support than through configuration) and you can still carry forward most of the functionality.
- By ryuzog in forum New To JavaReplies: 25Last Post: 11-04-2010, 05:26 PM
- By rpetronejr in forum New To JavaReplies: 3Last Post: 07-04-2010, 01:37 AM
- By javastuden in forum EclipseReplies: 0Last Post: 01-21-2010, 05:43 AM
- By kd1516 in forum New To JavaReplies: 3Last Post: 10-23-2008, 05:23 AM
- By adlb1300 in forum Java 2DReplies: 1Last Post: 12-03-2007, 03:58 PM