0

I'm currently using the Paypal REST API to process billing agreements for users with multiple plans.

When a user signs up for a plan, it takes them to PayPal to pay. After they finish that step, PayPal redirects them to a return URL that I have supplied.

The problem is, sometimes the user's session does not persist when they return from PayPal!

I have session_start() as the first line in all of my files, so the sessions are being created. I have verified, before taking the user to PayPal, that the $_SESSION array is being populated - it's just when they are brought back after PayPal.

Is there a better way to persist data like that so I can update a users account on return back from PayPal? Or maybe there is a way to pass the email with the PayPalrequest so that it is returned in the object they send back to my website on return?

newfurniturey
  • 37,556
  • 9
  • 94
  • 102
Brandon Green
  • 13
  • 1
  • you should add the user id in to the inputs that are sent to paypal and then returned to you –  Feb 24 '15 at 03:14
  • There are no inputs sent to paypal though. I have a button that says "pay with paypal" and they click it, and I fire off a "Create Billing Agreement With Paypal" method detailed here: http://htmlpreview.github.io/?https://raw.githubusercontent.com/paypal/PayPal-PHP-SDK/master/sample/doc/billing/CreateBillingAgreementWithPayPal.html – Brandon Green Feb 24 '15 at 03:22
  • there are or how is the plan created? –  Feb 24 '15 at 03:26
  • @Dagon - The first step after they click Paypal, gets them to the approval screen where they approve payments and pay. That requires no inputs on my part. Once the user accepts the agreement and pays it redirects back to my website, with a subscriber ID, and other data. But when the user is redirected back to my site, I have no connection with who they were before they left to go to Paypal and come back. – Brandon Green Feb 24 '15 at 12:10

2 Answers2

0

If you're properly starting the session via session_start() on both your sign-up page and the page that PayPal redirects back to, your session should be starting properly.

Assuming that you're not inadvertently closing the session, or regenerating the ID, it sounds like there isn't an actual "session management" issue, but perhaps it has to do with the URL that PayPal is redirecting back to.

A common issue with PHP sessions is that, with a default PHP config, they don't carry between subdomains.

For example, if I visit your domain domain at example.com, my session will only be active on example.com. If I then go to www.example.com, I will receive a new session.

You can verify this by going to your site at example.com or www.example.com and checking what domain the PHPSESSID cookie is set for. If it is not .example.com (note the leading .), then this is the issue =]

To help resolve this, you can modify your server's config to set the .example.com as the cookie's domain. Taken from this answer:

session.cookie_domain = ".example.com"
Community
  • 1
  • 1
newfurniturey
  • 37,556
  • 9
  • 94
  • 102
0

The same answer I gave to a recent question should work here as well:

The solution I used for this same problem was to set override_merchant_preferences on the billing agreement, with the return_url containing the user id in the query, like www.domain.com/api/handler.php?uid=42&action=return.

Though of course you can pass any identifiers you'd like through the $_GET that way.

Red
  • 143
  • 1
  • 9