add the following code to the checkout failure page:
<?php
if(!session_id()) session_start();
echo "<p>Express Authorize: <br />";
echo "Full Request: ".(isset($_SESSION["ECO_Auth_Request"])?htmlentities($_SESSION["ECO_Auth_Request"]):"n/a")."<br />";
echo "Full Response: ".(isset($_SESSION["ECO_Auth_Result"])?htmlentities($_SESSION["ECO_Auth_Result"]):"n/a")."<br /></p>";
echo "<p>Express Process: <br />";
echo "Full Request: ".(isset($_SESSION["ECO_Process_Request"])?htmlentities($_SESSION["ECO_Process_Request"]):"n/a")."<br />";
echo "Full Response: ".(isset($_SESSION["ECO_Process_Result"])?htmlentities($_SESSION["ECO_Process_Result"]):"n/a")."<br /></p>";
?>
This will write the full request and full response to the screen to help us troubleshoot.
NOTE: The full request and full response will contain sensitive information that should be removed before posting here.
2) the main difference between client and server validation, is that client validation can be disabled if the customer turns JavaScript off.
I always recommend using server validation.