Creation of an ordering and verification system that protects against changes in the basket during payment

So I have a multi-page checkout system that relies on sessions to store the contents of the shopping cart. I also use a third-party credit card processing system that displays the actual payment page on my servers. I just need to send a message to the page with the final result.

The problem that I foresee is that someone clicks to go to the payment page and then, for some legitimate or sinister reason, changes the contents of the shopping basket in another tab. I originally planned that when the hosted payment page is redirected back to my receipt page, I will then insert the order into my database. But, if the session is changed at this moment, the order will differ from the total cost.

What would be the solution to this problem? I see that this is a problem for all trolley systems, so I wonder how they do it.

Maybe when the user clicks the button to go to the posted payment page, I can make a temporary record of the order in the temp_order table in the database, and then, when the payment is processed, I can transfer this temporary record to the permanent records table? This way, I am not inserting a record from session information that has changed. But if I need to send a POST to the payment page, where can I save a shopping cart in the temp table?

In addition, the temp order ID must be unique for both temporary and permanent tables, since I don't want them to overlap.

Finally, I need to frequently clear the temp order table, as they are only temporary entries. Some of them may fail, because the user can change his mind on the posted payment page.

I am really confused about what I have to do!

+4
3 answers

I do not see the need to create a separate table. Just add one column to the existing table, say payment_in_progress, and analyze it when the customer sends the changes to the cart.

The requirement to clear unprocessed outdated orders remains.

+2

If the payment system does not return control to your website before the final processing of the order, for example, like PayPal Express Checkout, there is no way to control the checkout process. One-way control systems really have to be one-way. Subsequent management is performed manually (by means of a payment receipt) or processed by server and server notifications.

Posting directly to the payment site will not give you any control after sending to another site. Probably the best scenario is that you submit the order to your website as an UNPAID order in your database, and then provide a page that says “You're almost done. Keep paying.” At this stage, you also had to empty the buyer's basket so that they could not change anything about the process (which is already in your database). When the payment system is redirected to your site, you will simply search for the unpaid order and mark it paid. It would also be nice to check the payment amount, in case the user changes the POST data to pay less.

EDIT:
You may really need a solution for payment gateways that will give you more control over the checkout process. Your problems are real, but they are usually not dealt with appropriately using payment streams that send the user directly from your website without first setting up a server transaction.

+1
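
The UNPAID-order flow from the answer above, as an added example that is not part of the original answer. The SQLite schema, the function names, a dict-like session and a gateway that reports the paid amount in cents are all assumptions made for illustration.

```python
import json
import sqlite3
import time

def open_db():
    db = sqlite3.connect(":memory:")
    # AUTOINCREMENT never reuses an id, even after stale rows are purged.
    db.execute("""CREATE TABLE orders (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        items TEXT NOT NULL,          -- JSON snapshot of the cart at checkout
        total_cents INTEGER NOT NULL,
        status TEXT NOT NULL DEFAULT 'UNPAID',
        created_at REAL NOT NULL)""")
    return db

def place_order(db, session, now=None):
    """Freeze the session cart into an UNPAID order, then empty the cart."""
    cart = session["cart"]  # assumed shape: {sku: (unit_price_cents, qty)}
    total = sum(price * qty for price, qty in cart.values())
    cur = db.execute(
        "INSERT INTO orders (items, total_cents, created_at) VALUES (?, ?, ?)",
        (json.dumps(cart), total, now if now is not None else time.time()))
    db.commit()
    session["cart"] = {}  # edits in another tab can no longer touch this order
    return cur.lastrowid, total

def confirm_payment(db, order_id, paid_cents):
    """Handle the gateway's return: trust the stored order, not the session."""
    row = db.execute("SELECT total_cents, status FROM orders WHERE id = ?",
                     (order_id,)).fetchone()
    if row is None:
        return "UNKNOWN_ORDER"
    total, status = row
    if status != "UNPAID":
        return "ALREADY_" + status
    if paid_cents != total:
        return "AMOUNT_MISMATCH"
    # The status guard keeps a repeated callback from marking the order twice.
    cur = db.execute("UPDATE orders SET status = 'PAID' "
                     "WHERE id = ? AND status = 'UNPAID'", (order_id,))
    db.commit()
    return "PAID" if cur.rowcount == 1 else "ALREADY_PAID"

def purge_stale(db, max_age_seconds, now=None):
    """Delete UNPAID orders that were abandoned on the payment page."""
    cutoff = (now if now is not None else time.time()) - max_age_seconds
    cur = db.execute("DELETE FROM orders WHERE status = 'UNPAID' "
                     "AND created_at < ?", (cutoff,))
    db.commit()
    return cur.rowcount
```

Because the total is read from the stored order row, a cart edited after checkout or an altered amount in the POST data shows up as `AMOUNT_MISMATCH` instead of a paid order.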

When the payment gateway returns only the amount received against the shopping basket, and if the amount received is less than the total amount, return it to the payment page, showing the balance remaining before payment.

+1

Source: https://habr.com/ru/post/1436884/