
I'm working on a Stripe payment gateway where the user fills in a shipping and credit card form and submits it. I've set the confirmation message on the same page. But the problem is that if the user refreshes that confirmation page, it will resubmit and create a problem.

Should I redirect to a thank-you page or something else?

Any suggestions or any way to secure that process?

Thanks

Jignesh Bhavani
  • Possible duplicate of [how to prevent form resubmission when page is refreshed via PHP](http://stackoverflow.com/questions/6320113/how-to-prevent-form-resubmission-when-page-is-refreshed-via-php) – Aviram Mar 30 '16 at 12:28
  • You can use a captcha to prevent users from hitting `F5` after submit. – node_modules Mar 30 '16 at 12:34
  • That is a good idea also, thanks. Any other way? – Jignesh Bhavani Mar 30 '16 at 12:50
  • @JigneshBhavani another solution would be CSRF tokens and sessions; it works similarly to the captcha, but invisibly. – node_modules Mar 30 '16 at 13:09
  • Can you explain in detail or with an example? Actually, payment code in PHP is new to me. Thanks :) – Jignesh Bhavani Mar 30 '16 at 13:17
  • @JigneshBhavani If you want, I can write you an example CSRF class? – node_modules Mar 30 '16 at 13:37
  • I assume you create the form the user fills in with payment details. I would ensure that form has a unique GUID on it. When I process the payment I would store an entry for that GUID in the database that is recorded as processed. If it comes back in, then inform the user that it has already been processed. Why? Every payment form is unique and therefore cannot be processed twice. – Ryan Vincent Mar 30 '16 at 14:56
  • @C0dekid.php that would be great if you can. – Jignesh Bhavani Mar 31 '16 at 06:47

1 Answer

You can do one of these, depending on your requirements:

- Redirect the user to a thank-you page or transaction details page where you can show him/her the transaction status along with the ref#. Pro tip: This should be valid for him. Use the session id to show the transaction details. You should check transactionId and sessionId.

or

You can use a token for each form submission. Once the same token is used, exit gracefully.

Abu Musab
  • But this is without a cart system; I mean the user directly buys any item and makes the payment. That means I'm not storing any transaction id in the session. I know this sounds noob. – Jignesh Bhavani Mar 30 '16 at 12:49
  • @AbuMusab But when you hit the `backspace` button on your keyboard, it will send you back to the submit page where you still can refresh – node_modules Mar 30 '16 at 13:10
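
The per-form token from the answer and the per-form GUID from the comments, combined with a redirect after a successful POST, as an added example that is not part of the original thread. The table `form_tokens`, the functions, the `/thank-you` URL and the `$charge` callback (standing in for the real payment call) are all hypothetical, and an in-memory SQLite database is assumed so the script runs on its own.

```php
<?php
// Added example: a single-use form token stored in the database.
// All names are hypothetical; SQLite in memory stands in for the real database.

function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE form_tokens (token TEXT PRIMARY KEY, used_at INTEGER, payment_ref TEXT)');
}

// Called when the payment form is rendered; the value goes into a hidden field.
function issueFormToken(PDO $db): string {
    $token = bin2hex(random_bytes(16));   // unguessable, unique per rendered form
    $db->prepare('INSERT INTO form_tokens (token) VALUES (?)')->execute([$token]);
    return $token;
}

// Atomically claim the token. Only the first request updates a row, so a
// refresh, a back-button resubmit or a double click all get false.
function claimFormToken(PDO $db, string $token): bool {
    $stmt = $db->prepare('UPDATE form_tokens SET used_at = ? WHERE token = ? AND used_at IS NULL');
    $stmt->execute([time(), $token]);
    return $stmt->rowCount() === 1;
}

// Handles one POST of the payment form.
function handleSubmit(PDO $db, array $post, callable $charge): string {
    $token = $post['form_token'] ?? '';
    if (!is_string($token) || !claimFormToken($db, $token)) {
        return 'already processed or invalid form';   // show status, never charge
    }
    $ref = $charge($post);   // the token is already claimed, so this runs once
    $db->prepare('UPDATE form_tokens SET payment_ref = ? WHERE token = ?')->execute([$ref, $token]);
    // In a web request: header('Location: ...', true, 303); exit;
    return 'redirect:/thank-you?ref=' . rawurlencode($ref);
}

// Constructed demo: one form submitted twice (the second is the refresh),
// followed by a token that was never issued.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
$charges = 0;
$charge = function (array $post) use (&$charges): string {
    $charges++;
    return 'demo-ref-' . $charges;
};
$post = ['form_token' => issueFormToken($db), 'amount' => '1999'];
echo handleSubmit($db, $post, $charge), PHP_EOL;
echo handleSubmit($db, $post, $charge), PHP_EOL;
echo handleSubmit($db, ['form_token' => 'not-issued'], $charge), PHP_EOL;
echo "charges made: $charges", PHP_EOL;
```

Because the token is claimed before the charge, a failed charge leaves the token spent and the user has to load a fresh form, which is the safe direction to fail in. Stripe's API also accepts an idempotency key on requests, so the same token can be sent with the charge to cover retries at the gateway.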