Can you please suggest best practices for handling an expired token in an iFrame? According to the docs, the token expires after 15 minutes. When the user submits the payment form in the iFrame and the token is expired, they get an error message along the lines of "Finger print invalid", and they cannot continue unless they press cancel.
Users are then left at a dead end unless they know to refresh the page (which users won't know to do). There is no notification communicated to the iFrame communicator on expired token, so we are left with stranded users.
I understand the need for expired tokens, but there is no way to refresh the token without an explicit and undefined action from the end-user.
06-20-2017 06:24 AM
Hi @mikeyudin,
There's not any specific help I can give right now. I'd love it if anyone else would chime in with anything they might have tried.
I'm sure there are a few things we could do better with this in the future, though. For example, the idea of communicating that message to the iframecommunicator could be something that works well. Or, the "expired token" message could give more specific instructions to the customer to return to the merchant's site. If you have any specific suggestions you'd like to see, please add them to our Ideas Forum where others can take a look, contribute feedback, and vote for new features.
06-21-2017 02:27 PM
There are many ways to inform the customer about a pending token expiration, one simple way using only Javascript is below:
<html> <head> <script type="text/javascript"> var timeleft=15; var interval; interval = setInterval('change()',60000); function change() { timeleft--; if(timeleft<=0){ alert("Your session has ended.") document.getElementById("sessionTime").innerHTML = "Your session has expired. <button onclick=\"reloadFunction()\">Reload page</button>"; } else if(timeleft<=2){ alert("Your session is about to end, time left is "+timeleft+" minutes.") document.getElementById("sessionTime").innerHTML = "Your session is about to expire " + timeleft + " minutes left. <button onclick=\"reloadFunction()\">Reload page</button>"; } } </script> <script> function reloadFunction() { location.reload(); } </script> </head> <body> <div id="sessionTime"></div> </body></html>
06-21-2017 04:33 PM
Thank you for this example. Seems like a good way to handle the token expiration. We will modify this solution for our needs.
I'd suggest something like this for the documentation, as others will probably run into this issue.
06-26-2017 07:16 AM
Your are welcome.
06-26-2017 07:19 AM