4

I have a strange problem I'm trying to figure out.

I'm using PHP and REST API.

This is the scenario:

1) Users press the checkout button

2) Payment is approved

3) Payment is executed

4) User is redirected to the completed purchase page

5) A few seconds later, the Cancel URL of the transaction is called (like when a user clicks the "Cancel and return to merchant" button instead of approving the payment).

Out of about 100 transactions I had 3 which manifested this way; on all 3 the payment was actually made, and the funds were available. I have checked the server access log files, and 2 of them were using iOS 9.3.1 and one was using iOS 9.2.1. How is this possible?

My guess is that they somehow hit the back button and then the cancel button. Can this be the case?

My cancel URL contains a script which sets the order status to canceled. Should I adjust the script to only set the status to canceled if the order wasn't previously executed?

Can anybody still cancel the payment AFTER I have executed the payment?

Emil Borconi

3 Answers

2

I think you should "trust" the IPN message sent by PayPal rather than the ok/cancel return url.

https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNIntro/

The ok/cancel URL should only be used to display the information to the user.

Let PayPal know your IPN endpoint (the script which will receive the IPN GET/POST message). Once your script gets called, update the database accordingly.

Doing it this way, the user will not be able to screw up the transaction; you are guaranteed to receive 1 IPN message, either a "transaction ok" or a "transaction error" message.

Gianluca Ghettini
  • The only problem with this is that the IPN will contain the sale (txn_id), which, if the user hits cancel on the first step, is not generated at all, so the IPN never gets called. I do have an IPN listener, but I'm using server to server communication for all the calls; the only exception is when they hit the cancel button, because PayPal is using a redirect instead of a server to server call. – Emil Borconi May 16 '16 at 09:16
1

Your issue seems to be similar to the question posted here.

From user2090027's response which was marked as answer

"We can overcome this by checking/maintaining the no of responses which we get after the payments are made on paypal.

We can maintain this using cookies on client end or on server using sessions or something else similar."

Hope this helps.

Community
Rama Kathare
  • Hi. Yes, I came up with a similar solution (not sure if it is final or only temporary), but I'm keeping track in the database and only accepting the first information received. – Emil Borconi May 16 '16 at 09:18
0

This is an old question but having built a PayPal integration myself I thought I'd add some info about why it happens.

If the user ends up on your "return" page after completing their payment and hits the back button, they'll get a PayPal page like this:

Your payment was completed. To continue shopping, please return to the merchant. (Return to merchant button)

If they click "Return to merchant", they'll be sent to your /cancel URL. So if you get one of these and the payment has already gone through, you can show them the payment confirmation page.

Troy
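An added example (not code from any of the posts above) of the guard the question proposes and the answers point to: the cancel handler only cancels an order that is still pending, and shows the confirmation page when the payment was already executed. The `orders` table, its status values, the session binding and `handleCancelReturn` are assumptions; an in-memory SQLite database via PDO stands in for the real store.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite stands in for the shop's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (id INTEGER PRIMARY KEY, session_id TEXT, status TEXT)");
$db->exec("INSERT INTO orders VALUES (1, 'sess-a', 'pending'), (2, 'sess-a', 'executed')");

/**
 * Cancel-URL handler logic (hypothetical helper). Returns which page to show:
 * 'canceled', 'confirmation' (payment already executed) or 'not_found'.
 */
function handleCancelReturn(PDO $db, int $orderId, string $sessionId): string
{
    // Atomic conditional transition: only a still-pending order owned by this
    // session may become canceled. An executed order never matches the WHERE,
    // so a late or replayed hit on the cancel URL cannot flip a paid order.
    $upd = $db->prepare(
        "UPDATE orders SET status = 'canceled'
          WHERE id = :id AND session_id = :sid AND status = 'pending'"
    );
    $upd->execute([':id' => $orderId, ':sid' => $sessionId]);
    if ($upd->rowCount() === 1) {
        return 'canceled';
    }

    // Nothing changed: find out why, without modifying anything.
    $sel = $db->prepare("SELECT status FROM orders WHERE id = :id AND session_id = :sid");
    $sel->execute([':id' => $orderId, ':sid' => $sessionId]);
    $status = $sel->fetchColumn(); // false when no matching row

    if ($status === 'executed') {
        return 'confirmation'; // "Return to merchant" clicked after payment completed
    }
    return $status === 'canceled' ? 'canceled' : 'not_found';
}

// Constructed calls: pending order, executed order, someone else's order, repeated cancel.
foreach ([[1, 'sess-a'], [2, 'sess-a'], [2, 'sess-b'], [1, 'sess-a']] as [$id, $sid]) {
    printf("order %d / %s -> %s\n", $id, $sid, handleCancelReturn($db, $id, $sid));
}
```

The `executed` status itself should only ever be written by the server-to-server execute call or the IPN listener, never by either return URL.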