close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Problem/ Question on accomplishing bank payment the right way

Thread began 9/24/2009 3:59 am by jajja | Last modified 9/25/2009 6:58 pm by Eric Mittman | 845 views | 3 replies |

jajja

Problem/ Question on accomplishing bank payment the right way

First of all, sorry for a long post and also sorry for my English, my mother tung is Swedish.

In the checkout process (asp, ecart 4) I gather the necessary information about the customer (name.asp). Then after hitting "Ok", on the next page (payment.asp) the user can, besides review the order, choose his/her own bank from the 4 bank-logos and upon clicking on one of these the user is taken to his/her bank to pay online for the purchase, these logos are submitting a form with a bunch of hidden fields. This is the only way for me to do it, it's by the bank's rules for online payment's. This means that this very page is the last page that I can influence in any way before the transaction is to be taken place (or rejected by the customer or the bank). This means that I have the order sent upon clicking one of these bank-logos. This is too early. It could be that the user chances his/her mind before making the transaction at the bank or maybe the transaction simply fails for other reasons.

I have tried to make this kind of work by sending another mail to the store owner when the customer is taken to the "thank you" -page after a successful payment. This mail includes some information of the payment embedded in the address bar which I'm able to pass on in the mail.
This is obvious not satisfactory as every order that comes in has to be checked against another mail.

Now the store owner insists that the order is sent only after a bank transfer has taken place.

I guess this would have to be done by NOT emptying the cart upon clicking on the bank logo on (payment.asp) and that the order would be sent at the "thank you" -page after a successful bank-transfer and then the cart would be emptied. But how? Is this possible? The payment is made outside of the site, isn't the session lost? I know I am ;)

Sign in to reply to this post

Eric Mittman

The fundamental issue at hand is getting a response from the bank that processed the transaction to confirm that he transaction has successfully occurred. If you are just sending the user to a thank you page then you are not able to confirm the status of the transaction and have no guarantee that it was successful.

This is usually handled by some type of secure post back from the bank. In this return post there should be a unique identifier for the order that will let you know what order the return post is for. The idea is that before you send the user off to the bank site you record the order in a database using the store order summary and store order details server behaviors. Then when the bank posts back with a successful transaction you would update this order record to indicate that it was successfully transacted. At that point you can send the user or store operator an email receipt to indicate the successful status.

Unless the banks have a way to post back the details like this it will not be possible for you to confirm that status of the transaction. Also, if the status is not posted back in real time you will not be able to indicate to the user the status at the time of the transaction, so sending them an email would be the only way to inform them.

This is obviously going to require further custom development on your behalf to implement, but you should start with any development guides you have for the banks to see if this type of post back is possible and determine how it is implemented.

Sign in to reply to this post

jajja

Session destroyed

Wow, sounds pretty challenging.

No way to do this using the session variable? I'm using cookie to store the session. I was wondering if it would be possible not to empty the cart upon leaving the site for the bank transfer. Then, back on the "thankyou -page", if the query string contains the right string telling that the transfer was successful (every bank has at least this feature) THEN I would send the order and empty the cart.

Wouldn't this be possible?

Sign in to reply to this post

Eric Mittman

If the success variable you are counting comes in from the URL then it is not a secure method of authenticating the transaction as a user could just visit the same page with the URL parameter set correctly to bypass the transaction process.

If you store the cart summary and details in your db you can use some type of order identifier that is passed back to repopulate the cart from a recordset that is filtered on the identifier that would be passed back. You could store your own identifier in a cookie and when the user is returned filter a recordset based on that identifier in the cookie. This will give you a recordset that you could then use to populate the cart.

Once the user leaves the site you will not have access to the session variables but you can access cookies that are not expired. You can have this implemented in just about any way you are comfortable with but unless you get some type of secure response from the bank confirming the status of the transaction you will not be able to confirm the status of the transaction with any certainty.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...