Is there any way to maintain session attributes, using HttpSession or Cookies?
I am trying to match the user in the session in the servlet handling the Silent POST and cannot find a suitable way to do this except maintining a database table.
Thanks for any help.
01-24-2012 03:16 AM
The silent post and relay response pages do not have anything to do with the user. Only Authorize.net connects them. So you'll need to add a database record for the transaction up front, pass the record ID with the transaction, then have your relay response or silent post update the transaction status to "completed" or whatever. If you don't care about keeping ongoing records of transactions on your site, and instead just want to give the user access to something on your receipt page, you can instead have your receipt page look up the transaction using the Transaction Details API and give them access if the transaction has completed. Or pass a "transaction complete" value in the receipt URL, along with some sort of verification hash to make sure they aren't just typing in random transaction numbers.
01-24-2012 06:35 PM
If you are using java, tomcat-based servlet containers have the option to pass the session identifier cookie in the query string rather than as a cookie, so if your relay url is https://myserver.com/relayresponse, you can pass https://myserver.com/relayresponse;jsessionid=COOKIE_VALUE as the value for x_relay_response parameter, where COOKIE_VALUE is the personal JSESSIONID cookie value for the user browser - this way the HttpSession object will automatically become the same when relay response servlet is called.
There certainly are ways to retrieve the session storage for the user in any web platform, you just need to pass the cookie value that identifies the user session as a merchant-defined parameter and then look up the session once you receive the POST for relay_response from authorize.net.
01-26-2012 06:01 AM