Paypal payment destroys Session on "Return"

时间:2015-06-26 09:31:45

标签: php session paypal session-variables session-cookies

This question has been asked before. But, I am still unable to find a solution.

I have integrated Paypal Payment into my website. I created and installed the "Payment Button" (the HTML code), and it works perfectly.

The problem, however, is that : after being re-directed to Paypal to make the payment, the user's session on my website is destroyed. Meaning : after payment is successful (or canceled by the user, whichever).......the "Return URL" does not work, because the user has been logged out.

I did contact paypal, of course; and, as I expected, they were next to useless (exactly as many people here have already attested to).

As I said earlier, this question has been asked before, here :

Anybody ever used PayPal Website Payments Standard with SESSION variables?

The answer proposed by "Woppi" in that thread seemed ok. But, when I tried it, it did not work. (of course, that thread is 3 years old).

I really don't know what else to do.

I should point out the following, however (this makes no difference, but I want to be as clear as possible) :

(a) On my website's "Log-Out Page", I have set all sessions to be destroyed :

     session_unset();

     unset($_SESSION['login']);
     unset($_SESSION['password']);

     session_destroy();

     session_write_close(); 

As far as I can see, there is nothing wrong with this code. It completely wipes out and destroys any and all sessions (which should be the case, shouldn't it? Otherwise, what is the point of logging out? )

(b) I do not have "Cookies" set anywhere (which may be part of the problem, although I am not sure). However, I do have these in my HTML header :

    <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    <META HTTP-EQUIV="Expires" CONTENT="0">

(c) In the old thread (given above), it requires the value : $session_id;

At the beginning of every PHP page in my website, I have the :

   **<?php session_start();**

This has worked so far for me; I did not assign any specific ID anywhere else.

UPDATE

I am now using cookies in my PHP to try to resolve this problem;

At the top of the PHP payment form, I have this :

  <?php session_start();

  if (!(isset($_SESSION['login'])) {

  header ("Location: /example/access_denied");

  exit() ;
  }     

  $cookie_name = "user_paying";
  $cookie_value = $_SESSION['login'];
  $date_of_expiry = time() + 600 ;

  setcookie($cookie_name, $cookie_value, $date_of_expiry, '/', FALSE,TRUE);     

(I set cookies to expire after 10 minutes);

Then, in my "Return-Form" (where the user is re-directed after making payment in Paypal), I have this at the top :

 <?php session_start();

 if (!isset($_COOKIE['user_paying'])) {
 setcookie($cookie_name, $cookie_value, $date_of_expiry, '/', FALSE,TRUE); 
 }

 else {

 // etc, etc, etc..........code continues 

0 个答案:

没有答案