Cybersource Developer Community Cybersource Developer Community

Thanks. I got it. :manhappy:

But, since I have to store submitted data in my database and do some $_SESSION changes, I was thinking to use the following code in reley_response.php

<script type="text/javascript">
function myfunc () {
var frm = document.getElementById("authdotnet");
frm.submit();
}
window.onload = myfunc;
</script>

<form method='post' action="https://mysite.com/relay_response2.php" id="authdotnet">
<?php foreach ($_POST as $key => $value) { ?>
<input type="hidden" name="<?=$key?>" value="<?=$value?>">
<?php } ?>
</form>

to switch from authorize.net to mysite.com and finish "my" work and then show thankyou.php (there are multiple method payments on my site that use the same thankyou page)

Is this logic "ok:" or there is better solution?

Thanks for help.

An internal POST from Authorize.net is not the same as a browser going to your page - the Javascript will be ignored and nothing will happen. You need your PHP code to call your database and/or session and update them before returning the receipt URL to Authorize.net, not do something weird like generate a form and call a second relay response page (what would that gain you, exactly?) Incidently, the session won't trigger automatically either, since it's Authorize.net calling the page and not your customer, so you have to pass the session ID as part of the order data if you want to load the session from the relay response page and modify it.

Generally better to avoid sessions entirely, and just use a database record with a passed idn, but I don't have time right now to rewrite your entire ordering process. I wish you good luck.

Why not try it anyway. It might work.

"... An internal POST from Authorize.net is not the same as a browser going to your page - the Javascript will be ignored and nothing will happen..."

- Sorry, but didn't understand this :-(

"... You need your PHP code to call your database and/or session and update them before returning the receipt URL to Authorize.net,..."

- I can't update my database before the cc form is submitted beacuse I need Billiing and Shipping data. But if you think to do it after the form is submitted but before relay_respond.php file is called - I have no idea how nor where to put the code?!!?

"... not do something weird like generate a form and call a second relay response page (what would that gain you, exactly?)..."

- The reason is once I'm back on mysite.com I can use my session ID (it's not lost) to update database. Within the relay_response.php I can't do anything? I can't connect to database.

"... Incidently, the session won't trigger automatically either, since it's Authorize.net calling the page and not your customer, so you have to pass the session ID as part of the order data if you want to load the session from the relay response page and modify it.

Generally better to avoid sessions entirely, and just use a database record with a passed idn, but I don't have time right now to rewrite your entire ordering process. I wish you good luck..."

@RaynorC1emen7

It works fine. But I wonder if it's correct way to do? Or maybe is bad security solution, or... I don't know. :-)

I think is fine as long as is https. There shouldn't be any confidential info in the post data anyway. The only thing I could think of is  you might not know if an error occur  between relay_response.php and relay_response2.php, but it should be well tested anyway, right?

I just don't understand what he could possibly gain by posting the data from the first relay response page to another relay response page. The first page already has all the data, just do whatever you're going to do there and move on. It's not a matter of security (though I would try to avoid passing around the last 4 of the credit card whenever possible just on general principle), but rather one of it being entirely pointless and increasing the chances of the data being lost before it gets to his database.