Shopping carts and payment gateways

[eluser]megabyte[/eluser]
I have a shopping cart system set up for users on my site. They have to be logged in to purchase products.

Then when they check out they are sent to beanstreams hoated payment page, so they leave the website, then get returned there after the credit card processing.


My question is this.

My session expire is set for 7200 seconds, now what are the chances that a user would make a purchase and then be returned to the website and be logged out because the session has expired?


Is this a possibility I need to worry about?

If so, how do you handle it.

I'm just looking for some advice.

Basically trying to make the entire process bullet proof.

I'm storing the cart contents in a session, and on success when they are returned to the website, the cart is then inserted into a table called purchases. So if the session had expired the cart contents would not be available.

I am of course using codeigniter and this isnt just a general php question.

Also, I am storing the session data in a db.

[eluser]darrenfauth[/eluser]
I think you can't count anything out. A user could sit on the checkout page off your site for a long time for any number of reasons. What happens when they get back to your site after the off-site transaction? Their purchase is complete right? Would it be so bad that they had to log back in to your site?

How about if you set a cookie on their machine that you can check against. That way you are not just relying on the session data that expires?

[eluser]Clooner[/eluser]
Most payment systems will push a notification to your site when the user finishes the payment. If so you can also probably set a id to the payment. Use that id to move the info to the table purchases. Most payment systems have good documentation on how to solve this.

[eluser]Phreax[/eluser]
As clooner says if your payment gateway pushes a notification to your site, when you are processing the payment refresh the user session.