Provide a way or any best practice to ensure initial session is same as return confirmation from iFrame session. Just calling getTranasctionDetails and matching transaction ID and timestamp does not ensure same session.
Just to followup, if you find working with Accept Hosted difficult because of the limitations like the above, might I recommendAccept.js?
You can actually now call a hosted payment form from JavaScript in the browser, and then return an encrypted representation of the card data back to your server to do all of the transaction processing server-side. It's the PCI-DSS profile of Accept Hosted without the iFrameCommunicator weirdness.