Hi
I am using paypal but I noticed when I come back from there site sessions that I have to hold information about the user is gone. Like I want to hold the price in a session to check against the price that comes back from paypal(just as another line of defence) but it is null.



Also I am using there IPN but I need to use the .net membership to get the users name and and userID so I can activatet here account once they have paid for the subscription.

These are all null and I don't understand why or how to solve this.
Any ideas of why this is happening?

Hi chobo

I'm not sure why your first problem is happening - to be clear, is this when the customer has put confirmed the payment in Paypal and they are taken back to your site? If so, I would have thought the session should stay.

For the IPN issue, this is because Paypal is sending the information as a web request separate to the user's session - page 9 of the IPN Guide explains this.
To link this up to the user, you should send a unique value for that user to the payment, a simple example being their user id in the database. You can put this in the "custom" field, or add it dynamically to notify_url when you do the payment. When your IPN listener receives a message, it can read this value and use it to get the full user's details.

You could also use this solution to get round your first issue.

Phil

Hi what is happening is this I am using the express checkout.

1. User is logged in mysite. Chooses subscription and clicks button
2. User sent to my site. See's item/price and other information.
3. User hits "pay now" button in paypal(changed useraction to commit).
4. User Comes back to my successful page where on page load I finish the transaction by doing the "do" checkout.

On this sucessful page I have an if statement to see first if it is the first time the page is being loaded(to stop them from being charged twice if they would hit like F5).

After this if statement I try to call the session "total_amount" that was sent before the user hit the button that sent them to paypal.

So I should set my "notify_url" in the do section with the user information? So could I put the userID and UserName and send it along? would that be safe I just want to make sure not exposing these could lead to some wholes or something.

With price I am not sure the whole thing is just to check before the "do" request would happen if the value has changed. I will be using SSL but I just thought it would be just another line of defence.

I guess I could stick it in a database but I really did not want to do that since they I would have to keep track of that and if the user cancels I guess I would have to delete that record since I don't want to be store records that where canceled and never went through.

I would like to try to get the session thing working or at least understand why it does not work. Like I know sessions die after awhile but that is like what after 20mins? not like 3mins.

It is hard to say anything definitive here, since you haven't told us how you are sending the user to PayPal. That would make a huge difference.

However, if I had to guess, from your issue I would assume you are probably using the Response.Redirect method.

As I'm sure you are aware, Session is a property of the current response (HttpContext). You cannot store stuff in Session and retrieve it after a redirect, because Response.Redirect terminates the current response and creates a brand new context.

The only way that comes to mind to fix this is to not use the Session object. Doesn't sound like a big problem, as there are a number of other state-handling mechanisms available.

__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

Oh ya I am using Response.Redirect(what other ways are there?). I am also was unaware that it terminates the current response and creats a brand new context. All knew actually looked into what happens with a Response.Redirect. Really the only thing my book says about it is that it terminates the execution of the current page. Did not know it destroyed stuff like sessions.

Could you list a couple choices I have? The only other one I know of is Server.Transfer.

Well, you don't have any other choice but to redirect in this case, since Server.Transfer won't let you go to an outside site.

What I was referring to regarding your choices was for the state handling -- in other words, where you can store your info besides Session.

A number come to mind -- the ASP.NET cache, a cookie, and the querystring. Cache is the most secure if you're storing something you don't want tampered with.

I think Phil's suggestion of passing the userID in the querystring is pretty good, and probably the easiest to implement. That would let you associate the order with a user, and to obtain a reference to that user by plucking the ID out of the querystring.

__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

So I can send the userID and Username along then from the .net membership? This wont' be not secure or anythign?

So how about price? sending it along in the query string would be pointless it could just be changed so what should I do then?

There would be no point in sending BOTH the userID and the username. One or the other should be sufficient, as you can get a reference to the entire MembershipUser object from just one of those pieces of data.

You could store the price in the Cache.

__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond

how would I get this reference do you mean querying it from the database or is there built in method I can grab it from?

__________________
Visit my blog at http://leedumond.com
Follow me on Twitter: http://twitter.com/LeeDumond