PayPal IPN - having trouble accessing session data?

Question

Hello, all. I'm having issues with PayPal IPN integration where it seems I cannot get my solution to read session variables.

Basically, in my shop module script, I store the customer's details as provided by PayPal to an orders table. However, I also wish to save products ordered in a transaction to a separate table linked by the order ID.

However, it's the second part of the script that's not working, where I loop through the products in the session and then save them to the orders_products table.

Is there a reason why the session data not being read?

The code within shop.php is as follows:

if ($paypal->validate_ipn()) {
    $name = $paypal->ipn_data['address_name'];
    $street_1 = $paypal->ipn_data['address_street'];
    $street_2 = "";
    $city = $paypal->ipn_data['address_city'];
    $state = $paypal->ipn_data['address_state'];
    $zip = $paypal->ipn_data['address_zip'];
    $country = $paypal->ipn_data['address_country'];
    $txn_id = $paypal->ipn_data['txn_id'];
    $sql = "INSERT INTO orders (name, street_1, street_2, city, state, zip, country, txn_id)
            VALUES (:name, :street_1, :street_2, :city, :state, :zip, :country, :txn_id)";
    $smt = $this->pdo->prepare($sql);
    $smt->bindParam(':name', $name, PDO::PARAM_STR);
    $smt->bindParam(':street_1', $street_1, PDO::PARAM_STR);
    $smt->bindParam(':street_2', $street_2, PDO::PARAM_STR);
    $smt->bindParam(':city', $city, PDO::PARAM_STR);
    $smt->bindParam(':state', $state, PDO::PARAM_STR);
    $smt->bindParam(':zip', $zip, PDO::PARAM_STR);
    $smt->bindParam(':country', $country, PDO::PARAM_STR);
    $smt->bindParam(':txn_id', $txn_id, PDO::PARAM_INT);
    $smt->execute();
    // save products to orders relationship
    $order_id = $this->pdo->lastInsertId();
    // $cart = $this->session->get('cart');
    $cart = $this->session->get('cart');
    foreach ($cart as $product_id => $item) {
        $quantity = $item['quantity'];
        $sql = "INSERT INTO orders_products (order_id, product_id, quantity) VALUES ('$order_id', '$product_id', '$quantity')";
        $res = $this->pdo->query($sql);
    }
    $this->session->del('cart');
    mail('[email protected]', 'IPN result', 'IPN was successful on wrestling-wear.com');
} else {
    mail('[email protected]', 'IPN result', 'IPN failed on wrestling-wear.com');
}

And I'm using the PayPal IPN class for PHP as found here: http://www.micahcarrick.com/04-19-2005/php-paypal-ipn-integration-class.html, but the contents of the validate_ipn() method is as follows:

public function validate_ipn()
{
    $url_parsed = parse_url($this->paypal_url);
    $post_string = '';
    foreach ($_POST as $field => $value) {
        $this->ipn_data[$field] = $value;
        $post_string.= $field.'='.urlencode(stripslashes($value)).'&';
    }
    $post_string.= "cmd=_notify-validate"; // append IPN command
    // open the connection to PayPal
    $fp = fsockopen($url_parsed[host], "80", $err_num, $err_str, 30);
    if (!$fp) {
        // could not open the connection. If logging is on, the error message will be in the log
        $this->last_error = "fsockopen error no. $errnum: $errstr";
        $this->log_ipn_results(false);
        return false;
    } else {
        // post the data back to PayPal
        fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n");
        fputs($fp, "Host: $url_parsed[host]\r\n");
        fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
        fputs($fp, "Content-length: ".strlen($post_string)."\r\n");
        fputs($fp, "Connection: close\r\n\r\n");
        fputs($fp, $post_string . "\r\n\r\n");
        // loop through the response from the server and append to variable
        while (!feof($fp)) {
            $this->ipn_response.= fgets($fp, 1024);
        }
        fclose($fp); // close connection
    }
    if (eregi("VERIFIED", $this->ipn_response)) {
        // valid IPN transaction
        $this->log_ipn_results(true);
        return true;
    } else {
        // invalid IPN transaction; check the log for details
        $this->last_error = 'IPN Validation Failed.';
        $this->log_ipn_results(false);
        return false;
    }
}

Answer 1

If I recall correctly, PayPal IPN sends a notification to your script directly. Since the notification is coming from PayPal - NOT the customer that placed the order - their session doesn't exist in this context. Therefore, all their cart data doesn't exist in the session.

When I've used IPN in the past, I stored everything about their order in the database and generated a TransactionID. This is one of the pass-through variables that I can send off with the rest of the order to PayPal and they will pass it back. Once I received the IPN from PayPal I re-hydrated their order based on the TransactionID and proceeded with whatever business rules I had to follow - send an email, create passwords, etc.