Missing session data after paypal express checkout

Question

Our opencart based store is using the paypal express checkout and about 25% of the paypal express orders are expericing issues.

The problem seems to be when they return to the website after paypal, their session data is missing so all the details of their cart has gone.

To try and see what could be causing it, when they return to the site (normally through payment/pp_express/expressReturn) and the session data does not have the paypal/cart details I've logged details of most of the superglobals. Their session is always:

Array
(
    [category] => desktop
    [language] => en
    [currency] => GBP
    [cart] => Array
        (
        )

)

Sometimes when they return their cookies are empty, other times the language, currency & tracking are there.

After investigating further it looked like the session was being lost because of the way it was being redirected:

header('Location: https://www.paypal.com/cgi‑bin/webscr?cmd=_express-checkout&token=' . $result['TOKEN'].'&useraction=commit');

So before every header redirect I added

session_write_close();

The problem actually seemed to be eased a bit but it is still happening.

The server uses memcache and my final thought is that perhaps it is low on memory and their session is lost - but I would imagine we would see frequent logout issues throughout our sites if that were the case.

Answer 1

In my excperience it is bad practice to use Sessions for displaying order data after returning from payment gateways.

Most payment gateways (inlcuding PayPal) let you pass on an OrderID or other custom variables that will be passed back on Success / Failure. You can generally follow this procedure:

1. Save order to database, retrieve orderID
2. Redirect to payment gateway. Pass orderID to the payment gateway.
3. On success / failure read order from database using the orderID sent back by the payment gateway