Where is the safest place to store request_id to repeat process-external-payment?

L

likejavascript2016-03-24 12:56:27

Payment systems

likejavascript, 2016-03-24 12:56:27

In accordance with the documentation Accepting payments from bank cards without authorization

Note that the application may need to call the process-external-payment method again. The method should be called until the completion of the payment process. This may require additional user action in the WebView.

The process-external-payment method requires request parameters , including the request_id obtained in the previous step
. Since process-external-payment is called again in a different thread, the request_id received earlier needs to be stored somewhere. Is it safe to store it in the session of the logged in user making the request and what can happen if the user has not yet completed the current payment and starts a new payment process? Will there be an intersection?
Share your experience. Thanks

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

B

barsukovairina, 2016-04-06
@barsukovairina

When request-payment or request-external-payment is called, each time a new request_id will be generated and issued in response to these requests, it can be stored in cookies.
It will not be possible to repeat the write-off twice through request_id, so the value itself will not make the weather worse for an attacker.