Client Transaction over-riding a previous transaction in database.

2/26/2010 10:38 am | #1 wbrooks199805

I have clients making a transaction that goes to a database. After they make a transaction, the same client goes back to website and completes another order. The transaction goes to the database and over-rides the last transaction. I think its a cookie problem. What can I do to prevent this?

2/26/2010 1:31 pm | #2 Jason ByrnesWebAssist

add the following code after the closing </html> tag on your checkout success page:

php:

<?php

// Initialize the session.

// If you are using session_name("something"), don't forget it now!

session_start();



// Unset all of the session variables.

$_SESSION = array();



// If it's desired to kill the session, also delete the session cookie.

// Note: This will destroy the session, and not just the session data!

if (ini_get("session.use_cookies")) {

    $params = session_get_cookie_params();

    setcookie(session_name(), '', time() - 42000,

        $params["path"], $params["domain"],

        $params["secure"], $params["httponly"]

    );

}



// Finally, destroy the session.

session_destroy();

?>

2/26/2010 5:09 pm | #3 wbrooks199805

Getting this now:
Warning: Cannot modify header information - headers already sent by (output started at /home/content/w/e/b/webgirl09/html/checkout_success.php:23) in /home/content/w/e/b/webgirl09/html/checkout_success.php on line 414

3/02/2010 11:37 am | #6 wbrooks199805

No spaces in header

Hi, I looked it over and didn't find any spaces in the header and I am still getting error. Can you review please? I am attaching the checkout success page for you to help me unravel the mystery.

I am also attaching checkout and confirm pages because I have another question. I was also getting duplicates going to paypal and I thought it was because of the paypal code for the paypal express button? I had removed the button but not sure if I got all the code. I thought I did but my client is still getting duplicate orders in paypal. Can you look to see if I left any code there? Or what do you think it could be?

Thanks in advance,
Wendy

Attached Files

Archive.zip

3/02/2010 5:32 pm | #7 Jason ByrnesWebAssist

the success page you sent does not have the session destroy code on it, not does it have a line 414 where the error is being reported. it doesnt seam to be the copy of the page that is generating the error, but perhaps try this code for destroying the sessions instead:

php:

<?php 

// Initialize the session. 

// If you are using session_name("something"), don't forget it now! 

@session_start(); 



// Unset all of the session variables. 

$_SESSION = array(); 



// If it's desired to kill the session, also delete the session cookie. 

// Note: This will destroy the session, and not just the session data! 

if (ini_get("session.use_cookies")) { 

    $params = session_get_cookie_params(); 

    @setcookie(session_name(), '', time() - 42000, 

        $params["path"], $params["domain"], 

        $params["secure"], $params["httponly"] 

    ); 

} 



// Finally, destroy the session. 

session_destroy(); 

?>

I dont see any code for PayPal Express on either the checkout or confirm page.

For express checkout, the session destroy code will need to be added to the pp_checkout_success.php page as well.

3/04/2010 9:22 am | #8 wbrooks199805

destroy worked..

Ok that worked. Thx! Appreciate it!

I deleted the page pp_checkout_success.php. I am not using pp express at all. So there wasn't any code for pp express on the confirm or check out pages? Do you have any idea why paypal would charge twice? Is it the connection to paypal too slow? Is there anything i can do to fix that?

3/05/2010 3:08 pm | #9 Jason ByrnesWebAssist

the order is tied to the session ID.

It could be possible that the server is not generating a new session ID when the session is destroyed.

We can try to fix that by further modifying the session destroy code. in the following code, I am going to write the sessionId to the screen to verify that a new ID is being generated:

php:

<?php echo('old session_id = '.session_id().'<br />'); ?>

<?php  

// Initialize the session.  

// If you are using session_name("something"), don't forget it now!  

@session_start();  



// Unset all of the session variables.  

$_SESSION = array();  



// If it's desired to kill the session, also delete the session cookie.  

// Note: This will destroy the session, and not just the session data!  

if (ini_get("session.use_cookies")) {  

    $params = session_get_cookie_params();  

    @setcookie(session_name(), '', time() - 42000,  

        $params["path"], $params["domain"],  

        $params["secure"], $params["httponly"]  

    );  

}  



// Finally, destroy the session.  

session_destroy();  

session_start();

session_regenerate_id(true);

?>

<?php echo('new session_id = '.session_id().'<br />'); ?>

4/07/2010 11:15 am | #10 wbrooks199805

killing sessions but getting this code

this is another website but its with paypal and I am still getting duplicate orders. I have added a screen shot.

old session_id = a0382d16b39c912f8b118f5934a962d0

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Library/WebServer/Documents/phpMyAdmin-2.8.2.4/newsflhcc/checkout_success.php:22) in /Library/WebServer/Documents/phpMyAdmin-2.8.2.4/newsflhcc/checkout_success.php on line 535

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /Library/WebServer/Documents/phpMyAdmin-2.8.2.4/newsflhcc/checkout_success.php on line 536
new session_id = a0382d16b39c912f8b118f5934a962d0

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Client Transaction over-riding a previous transaction in database.

2/26/2010 10:38 am | #1 wbrooks199805