Posted by Stefan Rybacki on 11/10/57 11:19

David Groom wrote:
> "Stefan Rybacki" <stefan.rybacki@gmx.net> wrote in message
> news:3htqo4Fis674U3@individual.net...
>
>>Stefan Rybacki wrote:
>>
>>>David Groom wrote:
>>>
>>>
>>>>I'm currently trying to build an online store, and am using sessions to
>>>>track a particular visit.
>>>>
>>>>Once the purchase has been completed I want to destroy the session, and
>>>>remove the session cookie from the browser (this being particularly
>>>>important to avoid the same session id being reused if the user decides
>>>>to place a second order).
>>>>
>>>>After the purchase is completed I have some PHP code,in a script called
>>>>completedtrx.php which contains
>>>>
>>>>setcookie("PHPSESSID", '', time()-42000, '/');
>>>>session_unregister("id");
>>>>session_destroy();
>>>>
>>>>and then goes on to echo a thankyou message. All works as a had hoped,
>>>>when all the scripts are located on my server .
>>>>
>>>>BUT
>>>>
>>>>I want to enable online credit card processing, and so script execution
>>>>leaves my server, runs on the credit card gateway, and then the gateway
>>>>returns the browser to www.myserver.com/completedtrx.php .
>>>>
>>>>When this happens the cookie is not destroyed, unless I refresh the page
>>>>www.myserver.com/completedtrx.php in the browser.
>>>>
>>>
>>>>How do I delete the cookie in these circumstances?
>>>
>>>
>>>Hi
>>>
>>>In most cases you're able to send custom data to the credit card company
>>>which they are posting back to you. So you can send the session_id or an
>>>id from which you are able to get the session_id. Ask your credit card
>>>company.
>>>
>>>By the way, you should start a session at the beginning of your script
>>>
>>>start_session();
>>
>>I meant
>>
>>session_start();
>>
>>sorry.
>>
>>
>>>session_unregister("id");
>>>session_destroy();
>>>
>
>
>
> Stefan
> I do have the session_start() in my script, the code I included in my
> original script was just and extract from that script.


Ok sorry, didn't know that.

>
> But my problem is not that I can't perpetuate the session id after coming
> back from the credit card company. My problem is that I want to delete the
> cookie from the users' browser, and at present I am trying to do this from
> within the script that is called from the credit card gateway's
> confirmation.
>

You said the cookie isn't deleted until refreshing the page, so why do
it by script?

1. You could delete the setcookie as you did and redirect to the page
again with a parameter that prevents the script from doing the redirect
again and again ...

2. May it is enough to call the initial script a completetrx.php and
redirect to for example thankyou.php


Stefan

> David
>
>

[Back to original message]