Preventing users from resubmitting payment screen

[Jadeler <ja...@yahoo.ca>]

I wanted to find out any recommendations in handling
successful payments where the user is redirected to a
receipt screen after a successful payment transaction.
 Basically, I need to prevent users from resubmitting
the payment screen again via clicking on the browser
back button, etc or via other means.  

Thanks.

Jadeler


	

	
		
__________________________________________________________ 
Find your next car at http://autos.yahoo.ca

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Preventing users from resubmitting payment screen

[Danny Lee <ha...@yahoo.de>]

Michael Jouravlev schrieb:
> On 11/9/05, Jadeler <ja...@yahoo.ca> wrote:
> 
>>I wanted to find out any recommendations in handling
>>successful payments where the user is redirected to a
>>receipt screen after a successful payment transaction.
>> Basically, I need to prevent users from resubmitting
>>the payment screen again via clicking on the browser
>>back button, etc or via other means.
>>
>>Thanks.
>>
>>Jadeler

I don't know how your system works, what I will do in this situation is 
cleaning the shopping basket after successful payment. In this case
after trying to submit the payment again the user will see:

"You have no more items in your basket. In most cases it means, you 
allready successfully bought the items you had..."

Cheers,

Danny


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Preventing users from resubmitting payment screen

[Michael Jouravlev <jm...@gmail.com>]

On 11/9/05, Jadeler <ja...@yahoo.ca> wrote:
> I wanted to find out any recommendations in handling
> successful payments where the user is redirected to a
> receipt screen after a successful payment transaction.
>  Basically, I need to prevent users from resubmitting
> the payment screen again via clicking on the browser
> back button, etc or via other means.
>
> Thanks.
>
> Jadeler

These articles by yours truly may be a good start:

http://www.theserverside.com/articles/article.tss?l=RedirectAfterPost
http://www.theserverside.com/articles/article.tss?l=RedirectAfterPost2

Quote from the article:

=== cut here ===
Storing several identical items in the shopping basket is not a
problem while a user is still shopping. It is enough to show the
basket content and the quantity of each item. What is really important
is to ensure that the payment is processed only once. It may look
something like this:

    * A shopping basket is created, the unique basket ID is assigned
to the basket.
    * If a user clicks on Back button after adding an item to the
basket, browser reloads up-to-date basket information from the server
and shows to the user that the item is already in the basket. It is up
to the user to add another identical item.
    * When the basket is submitted, its content is sent to a
purchasing subsystem; the basket is invalidated; its transaction
number is saved in history table if needed and destroyed from
application context. The user is redirected to success page.
    * When a user clicks Back button after purchase was made, browser
attempts to load the basket and fails because the basket, its ID and
its content have already been destroyed. Browser shows error message
instead of the basket. Submitting the same basket twice is impossible.
    * In case of caching browser or proxy a user who clicked Back
button would see the same basket which was already submitted to
purchasing subsystem. User's attempt to resubmit the basket would fail
because basket tracking ID has been already destroyed along with the
basket itself. As a courtesy for users of caching browsers the server
can reply with error stating that the submitted basket does not exist
any longer.
=== cut here ===

Michael.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Preventing users from resubmitting payment screen

[Michael Jouravlev <jm...@gmail.com>]

Why would you need an artificial token, if you can create a robust
system using your own data model? Instead of verifying that request
was or was not yet submitted, you would verify that actual data is or
is not there. I think the latter approach is more logical and robust.

Michael.

On 11/10/05, Martin Gainty <mg...@hotmail.com> wrote:
> Good Morning Jadeler-
>
> I would suggest taking a look at what is happening underneath the hood e.g.
> @1 Struts will generate a unique value (the token) and keep it in the
> session context
> @2 When the JSP is rendered, Struts inserts the unique value (token) as a
> hidden field
> @3 The hidden field token is submitted along with the rest of the form and
> isValidToken() checks the value that came in with the current request
> against
> the value that was saved in the session context by the most recent
> saveToken() call.
> If the two token values match, the submission is valid.
>
> explanation courtesy of Junilu Lacar
>
> I hope this helps you out,
>
> Anyone else ???
>
> Martin Gainty
>
> (mobile) 617-852-7822
>
>
>
>
>
> >
> >Jadeler,
> >
> >If you are using struts, in your class you can use saveToken() method and
> >isValidToken() method to revalidate the request. more detail you can get
> >from struts site.
> >
> >hope it helps
> >Sunil
> >
> >
> >
> >Jadeler <ja...@yahoo.ca>
> >11/10/2005 01:05 PM
> >Please respond to
> >"Struts Users Mailing List" <us...@struts.apache.org>
> >
> >
> >To
> >user@struts.apache.org
> >cc
> >
> >Subject
> >Preventing users from resubmitting payment screen
> >
> >
> >
> >
> >
> >
> >I wanted to find out any recommendations in handling
> >successful payments where the user is redirected to a
> >receipt screen after a successful payment transaction.
> >  Basically, I need to prevent users from resubmitting
> >the payment screen again via clicking on the browser
> >back button, etc or via other means.
> >
> >Thanks.
> >
> >Jadeler

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Preventing users from resubmitting payment screen

[Martin Gainty <mg...@hotmail.com>]

Good Morning Jadeler-

I would suggest taking a look at what is happening underneath the hood e.g.
@1 Struts will generate a unique value (the token) and keep it in the 
session context
@2 When the JSP is rendered, Struts inserts the unique value (token) as a 
hidden field
@3 The hidden field token is submitted along with the rest of the form and 
isValidToken() checks the value that came in with the current request 
against
the value that was saved in the session context by the most recent 
saveToken() call.
If the two token values match, the submission is valid.

explanation courtesy of Junilu Lacar

I hope this helps you out,

Anyone else ???

Martin Gainty

(mobile) 617-852-7822





>
>Jadeler,
>
>If you are using struts, in your class you can use saveToken() method and
>isValidToken() method to revalidate the request. more detail you can get
>from struts site.
>
>hope it helps
>Sunil
>
>
>
>Jadeler <ja...@yahoo.ca>
>11/10/2005 01:05 PM
>Please respond to
>"Struts Users Mailing List" <us...@struts.apache.org>
>
>
>To
>user@struts.apache.org
>cc
>
>Subject
>Preventing users from resubmitting payment screen
>
>
>
>
>
>
>I wanted to find out any recommendations in handling
>successful payments where the user is redirected to a
>receipt screen after a successful payment transaction.
>  Basically, I need to prevent users from resubmitting
>the payment screen again via clicking on the browser
>back button, etc or via other means.
>
>Thanks.
>
>Jadeler
>
>
>
>
>
>
>__________________________________________________________
>Find your next car at http://autos.yahoo.ca
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Preventing users from resubmitting payment screen

[Su...@Keane.com]

Jadeler,

If you are using struts, in your class you can use saveToken() method and 
isValidToken() method to revalidate the request. more detail you can get 
from struts site.

hope it helps
Sunil



Jadeler <ja...@yahoo.ca> 
11/10/2005 01:05 PM
Please respond to
"Struts Users Mailing List" <us...@struts.apache.org>


To
user@struts.apache.org
cc

Subject
Preventing users from resubmitting payment screen






I wanted to find out any recommendations in handling
successful payments where the user is redirected to a
receipt screen after a successful payment transaction.
 Basically, I need to prevent users from resubmitting
the payment screen again via clicking on the browser
back button, etc or via other means. 

Thanks.

Jadeler


 

 
 
__________________________________________________________ 
Find your next car at http://autos.yahoo.ca

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org