keeping a session after going off site to purchase

[richard]

Hi there,

I have a problem that is probably very simple but I need a solution
quite quickly.. usual stuff... new to .net etc but would appreciate a
heads up...

I have a user logged in to my site and they can go off to world pay to
purchase their items.. Worldpay have a callback procedure which is
working fine.. I then return an HTML page for them to display and this
page has a link that should take the user back to their home page
after the transaction has completed.

The problem is that when this link is clicked it actually takes me to
the login page of my site (ie my site now thinks that this is a new
user). It has lost something on this "click". I noticed that
Request.IsAuthenticated is set false at this point!! I have trawled
the groups and either am not putting the correct keywords or I am
having a funny 5 minutes...

As an aside... is this something to do with the session being lost..
can I send the session in the URL (used to do PHP and SESS_ID could be
used) and will it pick this up automatically?

Really appreciate any help

Cheers

Rich

 

[DotNet Coder]

Hi Richard,

You can do that very same thing with .Net. What you need to do is turn on
cookie-less Sessions. Then, by default, ASP.NET will use the SessionID in
the querystring.

Please see this link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconSessionState.asp

HTH,
DotNet Coder

 

[rgparkins]

Thanks for the reply... as you suggested I set the cookieless option in
the config file.. unfortunately the site that has been designed (that I
am taking the reigns from) failed drastically with this set....

I solved the problem in the end by doing the following, so I hope this
helps someone in the future.

1. Stored the username password against the session in in the database.
2. Sent the session id across to worldpay in a defined variable.
3. This variable is sent back in the callback therefore I can spit back
an HTML stream to worldpay with a session id referenced in my page.
4. User clicks the link on the page and this in fact goes to a
predefined httphandler that validates the sessionid by going back to
the database to log the user in automatically.

Phew... Works well and solved the problem...

Again thanks for the reply...

Cheers

Rich

 

[DotNet Coder]

Glad to hear it!

Enjoy!
~d

 

[richard]

Hi Paul

Yip, I was using the Junior Pro version of the cart..

And they allow you on a callback to pass variables to the call back
that they will return back to you when the user has cancelled/paid for
the goods..

So... What I did which may or may not be what you need is this.

I had my payment page pass the session id to the world pay hander
along with all the relevant user data like price, currency,
description of goods, cart number..... However on the call to their
payment page I store the username and password aganst the session id
in a table in the database (for later use).

The client then proceeds with the payment or cancels and returns to
the url defined in the account (this is set on the worldpay admin
pages). This URL is in fact an HTTP Handler that I have set up via web
config which effectively checks the return values and then loads a
template on MY system (thankyou.php) and writes a response BACK to
worldpay (Response.Redirect([template text]). I prepopulate this
template with a URL link which has the session id as a GET parameter.

The user clicks the link on the thankyou page which goes back to a
HTTP handler on my system which looks up the session id in the
database and logs them in with the corroosponding username/password..
I delete this entry from the table so this will not get large.

Not sure whether this is a standard technique but it works well.

Let me know how you get on or if you have more questions...

Cheers

Richard