1

I am trying to solve a problem that occurs with Authorize.net. The SessionToken is generated while in test mode through a test account. Now, a new SessionToken is generated each time the form is previewed through the test account or the actual account.

A hidden input field is shown each time when the form is accessed in preview mode. I have generated a hidden input field on my form by using a toBase64() string combined from the x_login and the x_tran_key. The output is this: 

<INPUT TYPE="HIDDEN" NAME="SessionToken" ID="SessionToken" VALUE="TXpOSFRUWXpXbk40VjNSeg==TlRsU2JqaHFOM2RLZFd0RU5VdzJadz09">

in the forms hidden input field for SessionToken as you can see above.

When generating my own SessionToken for processing, the error shown after trying to process the https://test.authorize.net/gateway/transact.dll shows this:

(46) Your session has expired or does not exist. You must log in again to continue working.

The only way for the form to actually work is after grabbing the SessionToken code from the form in preview mode. For example: Go to Account --> Settings --> Payment Form --> Preview --> and viewing and copying the code from view frame source. It looks like this:

<INPUT TYPE="HIDDEN" NAME="SessionToken" ID="SessionToken" VALUE="jMsCez2DId$VvgF4s4Hbjbe$Uv6WnJh8cEKBD5HqTUEqlHoRBebKZ07bp4RZdpwOPnGabB3pbcWFppJCph7dg6HjQeroJvlay6mQm5ocjkZPq44uT4nqeg2zWhX13b7Blp$qN7ZDzQ5HF1abfukJTQAA,jMsCez2DId$VvgF4s4Hbjbe$Uv6WnJh8cEKBD5HqTUEqlHoRBebKZ07bp4RZdpwOPnGabB3pbcWFppJCph7dg6HjQeroJvlay6mQm5ocjkZPq44uT4nqeg2zWhX13b7Blp$qN7ZDzQ5HF1abfukJTQAA">

Finally, if I use the value:

jMsCez2DId$VvgF4s4Hbjbe$Uv6WnJh8cEKBD5HqTUEqlHoRBebKZ07bp4RZdpwOPnGabB3pbcWFppJCph7dg6HjQeroJvlay6mQm5ocjkZPq44uT4nqeg2zWhX13b7Blp$qN7ZDzQ5HF1abfukJTQAA

as the SessionToken as: 

<cfset SessionToken = 'jMsCez2DId$VvgF4s4Hbjbe$Uv6WnJh8cEKBD5HqTUEqlHoRBebKZ07bp4RZdpwOPnGabB3pbcWFppJCph7dg6HjQeroJvlay6mQm5ocjkZPq44uT4nqeg2zWhX13b7Blp$qN7ZDzQ5HF1abfukJTQAA'>

and process the form it works. But it only works one time for the current session if signed into the Test Account.

All help is appreciated of course. This is the last part to the code I need and just can not figure out how to make it work. I need to fetch the response for the SessionToken to populate the SessionToken hidden field input on the form.

I am not using the CFHTTP method because the form is on the website and when the payment form loads the SessionToken is needed. Meaning that the submit/sending... button on the form is submitted it then processes the payment and displays the receipt.

John Conde
  • 217,595
  • 99
  • 455
  • 496
Link Worx Seo
  • 23
  • 3
  • Is there an online example of the feature you are trying to implement in the developer documentation? I took a quick look and did not see anything about a `SessionToken` in the CF example here: [developer.authorize.net](http://developer.authorize.net/api/aim/). – Leigh Aug 25 '13 at 03:33
  • You are correct, there is nothing in the developer documentation about the SessionToken or anywhere else on the net I could locate. Kind of strange since the SessionToken is on the forms from Authorize.net. I made a shift in page processing to solve the error. I did manage to create a SessionToken of a 32 bit string as the SessionToken is a 32 bit string on Authorize.net's forms. I combined the x_login and the x_tran_key and converted it toBase64(). After changing the page process from one page to two pages, the transact.dll file was processed with CFHTTP on a separate page. No token needed. – Link Worx Seo Aug 28 '13 at 23:06
  • Interesting. Not sure why the separate page made a difference. Anyway, you might want to post the final code as an answer. Help the next guy that runs into the same problem. – Leigh Aug 29 '13 at 04:08

1 Answers1

0

If you download the Coldfusion sample code from Authorize.net you will notice you do not need a SessionToken. See below:

Source: http://developer.authorize.net/downloads/samplecode/

<cfhttp method="Post" url="https://test.authorize.net/gateway/transact.dll">
<!--- the API Login ID and Transaction Key must be replaced with valid values --->
<cfhttpparam type="Formfield" name="x_login" value="API_LOGIN_ID">
<cfhttpparam type="Formfield" name="x_tran_key" value="TRANSACTION_KEY">

<cfhttpparam type="Formfield" name="x_delim_data" value="TRUE">
<cfhttpparam type="Formfield" name="x_delim_char" value="|">
<cfhttpparam type="Formfield" name="x_relay_response" value="FALSE">

<cfhttpparam type="Formfield" name="x_type" value="AUTH_CAPTURE">
<cfhttpparam type="Formfield" name="x_method" value="CC">
<cfhttpparam type="Formfield" name="x_card_num" value="4111111111111111">
<cfhttpparam type="Formfield" name="x_exp_date" value="0115">

<cfhttpparam type="Formfield" name="x_amount" value="19.99">
<cfhttpparam type="Formfield" name="x_description" value="Sample Transaction">

<cfhttpparam type="Formfield" name="x_first_name" value="John">
<cfhttpparam type="Formfield" name="x_last_name" value="Doe">
<cfhttpparam type="Formfield" name="x_address" value="1234 Street">
<cfhttpparam type="Formfield" name="x_state" value="WA">
<cfhttpparam type="Formfield" name="x_zip" value="98004">
<!--- Additional fields can be added here as outlined in the AIM integration
guide at: http://developer.authorize.net --->   
<!--- The following fields show an example of how to include line item details, they are commented out by default.
<cfhttpparam type="Formfield" name="x_line_item" value="item1<|>golf balls<|><|>2<|>18.95<|>Y">
<cfhttpparam type="Formfield" name="x_line_item" value="item2<|>golf bag<|>Wilson golf carry bag, red<|>1<|>39.99<|>Y">
<cfhttpparam type="Formfield" name="x_line_item" value="item3<|>book<|>Golf for Dummies<|>1<|>21.99<|>Y">
--->
</cfhttp>

Hope this helps.

osekmedia
  • 633
  • 7
  • 14