Answer the question
In order to leave comments, you need to log in
L
L
likejavascript2016-03-24 12:56:27
likejavascript, 2016-03-24 12:56:27
Where is the safest place to store request_id to repeat process-external-payment?
In accordance with the documentation Accepting payments from bank cards without authorization
Note that the application may need to call the process-external-payment method again. The method should be called until the completion of the payment process. This may require additional user action in the WebView.
The process-external-payment method requires request parameters , including the request_id obtained in the previous step
. Since process-external-payment is called again in a different thread, the request_id received earlier needs to be stored somewhere. Is it safe to store it in the session of the logged in user making the request and what can happen if the user has not yet completed the current payment and starts a new payment process? Will there be an intersection?
Share your experience. Thanks
1 answer(s)
@barsukovairina
B
barsukovairina, 2016-04-06 @barsukovairina
When request-payment or request-external-payment is called, each time a new request_id will be generated and issued in response to these requests, it can be stored in cookies.
It will not be possible to repeat the write-off twice through request_id, so the value itself will not make the weather worse for an attacker.
Similar questions
V
A
Alexey Fisenko2020-03-01 13:23:33
What payment system can be supplied for the USA/INDIA site?
2Reply
R
N
Nekto_TM2017-10-23 23:06:35
How do I calculate the PayPal fee when receiving funds from abroad?
5Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question