views:

469

answers:

4

Hello,

I have a question about using paypal on a page where the user is logged into

It is with php

How can you have the user still authorised for that page if paypal is redirecting back to that page.

I read something about giving the session_id to the custom variable with PDT What about, if you have multiple session variables. Can you also pass an array to the custom variable?

How is it done, codingwise

any insights are good

edit:

Is the PDT custom variable just some self invented name that you stick behind the other obligated variables.

like so:

$req = "tx=$tx&at=$token&cmd=$cmd";

$req .= "&somevariablename=".session_id();

thanks, Richard

+2  A: 

So if I understand correctly:

  1. The user is logged in on your page.
  2. They click on a paypal button / Submit a form
  3. Now they're at www.paypal.com completing their transaction.
  4. Once finished, they are redirected back to your page.

You could use cookies, but they're not fail-safe since the user may have them disabled.

A possible method is making a unique identification string that would be sent to paypal so they are redirected to a custom URL with the string. In that page you validate it, and authorize the user.

Daniel S
+1  A: 

Just pass the current session id (get it with $id = session_id(); ) to Paypal, and once you get the user, and the session id, back from Paypal just set the session id to the one Paypal sent you using session_id($idPaypalSent);

code_burgar
A: 

You have a wrong concept of session id: The session id is not just another session variable, but the id of the session, so that you can assign the user to the session variables. You can get the session id via $sess_id = session_id(); and attach that to the custom return variable as "&ppsessid=" . $sessid. You can then set the session id via session_id($_GET['ppsessid']);.

Residuum
ok, so I don't have to pass the whole session arrayjust the session id and then I have access to all off the session variables again. Thanks, I wasn't sure off that.
Richard
+1  A: 

May be i am missing something.

So your user logs in .. clicks on buy now button or whatever and goes to paypal site, when finished comes back to your site on a page which lies inside the user area.

This should work seamlessly without u having to do anything. UNLESS the user spends too much time on the paypal site and the session expire time is reached on the server OR the user closes the browser and goes directly to your paypal payment page.

The session will stay alive for its live and the user can move back and forth between your site and some other seamlessly as long as the session timeout allows.

Sabeen Malik
If paypal is going to do a http request to my hostingserver with the returnurl, how in the world is the server to know how to react in that request. How is it going to know if it has to display a loggedin page or a standard page and also link them to that specific user. I am just saying. Maybe that's what you missed.
Richard
return urls are browser based .. ipn requests are server to server .. so when u click on that "continue to the site" button or when paypal automatically redirects the user back to your site .. for ur browser, u are already authenticated on that site .. for the server, as long as ur browser is sending the right session id via cookie.. everything is good.
Sabeen Malik
its just like ..... u are logged into ur site and are looking at http://www.abc.com/hello.phpnow in the address bar type paypal.com and visit a few pages there.. now from history or from the address bar directly type http://www.abc.com/hello.php .. u should see the page as a logged in user. return urls will work pretty much the same.. cause returnurls DONT generate a http request in the background, they just send the users browser to that page, thats it.
Sabeen Malik