when testing did you process a transaction by filling out the checkout page, then process another one using express checkout with out closing the browser between tests?
I bet the sessions created by the first test where still active when you placed the second test so where creating the double first name.
to prevent this you can destroy the session on the sucess page by adding the following code after the </html> tag:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
@session_destroy();
@session_regenerate_id();
?>