问题
i am having a problem with the way that i am trying to delete some session variables when dealing with paypal and ipn.specifically, i want to have someone logged in (or not) at my online retail store, go through my cart, get redirected to paypal for payment, and then get redirected to my site.
i have been using paypal ipn to get paypal to notify me when the payment is complete and i can direct the user back to my site where the session can be started again, but i want to be able to unset the cart (but not the entire session in case they are logged in) as soon as the payment is complete. this would be to cover my bases in case the user does not land back on the payment completed page on my site but gets back on the site on a different page.
the problem is that although i am getting the same session id both at the last shipping info page on my site before going to paypal, and the landing page back on my site from paypal when the payment is completed i cannot access this session in my ipn script that runs on my site in response to paypal. i am running session_start() on each of these three pages but when i email or post on the shipping method page and the payment complete landing page i get the same session id. when i email myself the result of session id in my ipn script, i get nothing.
i could kill the cart before going to paypal but what if they wanted to go back and change things? i could kill the cart on the landing page, but what if they get to a different page somehow? i would really like to destroy the cart but not the entire session right when i get payment confirmation but i am not sure how. i have tried this on my ipn page:
session_start();
$a = session_id();
mail("webmaster@mysite.com", "ipn session id 0", $a, "From: webmaster@mysite.com");
//results in blank email, unlike in other locations on actual displayed pages
// Unset all of the session variables.
$_SESSION = array();
// Delete the session cookie to kill the session
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
// Finally, destroy the session.
session_destroy();
unset($_SESSION['cart']);
unset($_SESSION['product_id_array']);
unset($_SESSION['pp_checkout_btn']);
unset($_SESSION['state']);
unset($_SESSION['total']);
unset($_SESSION['shipping']);
unset($_SESSION['grand_total']);
but when i go back to the view cart page, it is still there. any ideas would be greatly appreciated. any more specific code that would help, let me know and i will post it up.
回答1:
The Paypal IPN call is made by Paypal and is server-to-server only. You also don't know when that IPN call is coming. Usually they happen within seconds, but they can come much later. If the IPN call fails, they will retry again for some time. You cannot do anything related to the users session in the IPN. Each user has it's own session and you can't edit anyone else's. In this situation, your user has a session, and Paypal (the IPN call) gets it's own session.
You'll have to clear the session variables on the return to your site after successful payment. It's not foolproof - there are possibilities that the cart still won't be cleared, but this is pretty much the only way to do it.
来源:https://stackoverflow.com/questions/6054318/delete-session-variables-when-session-id-is-known-but-not-able-to-start-session