I am currently working on integrating a PHP/MySQL-based e-commerce website I manage with the RBS Worldpay payment gateway. Here is my problem:
A customer fills up his shopping basket and as he does so, the contents get stored in the $_SESSION
global array as well as being stored in a cookie. When the customer checks out he gets sent to the Worldpay pages to put in his payment details. I am using the "Payment response"/callback feature to redirect a successful payment to my own page, "confirmation.php", which tells the customer all is well, plus does some database queries in the background.
All fine!
HOWEVER, I also at this point wish to empty the shopping cart data from the $_SESSION
array as well as get rid of the cookie. So fine, I just use:
$_SESSION['cart'] = array();
setcookie('cart', '', 0, '/');
But this doesn't work. And it has to do with the fact that the URL for this redirected page is actually https://secure-test.wp3.rbsworldpay.com/wcc/purchase
rather than www.mysite.co.uk/confirmation.php
.
As a test, I had my confirmation page echo the phpinfo() and from the $_SERVER vars, everything seems to be fine, eg:
_SERVER["DOCUMENT_ROOT"] /var/www/vhosts/mysite.co.uk/httpdocs
_SERVER["SCRIPT_FILENAME"] /var/www/vhosts/mysite.co.uk/httpdocs/confirmation.php
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["REQUEST_METHOD"] POST
_SERVER["QUERY_STRING"] installation=[xxxxxx]&msgType=authResult
_SERVER["REQUEST_URI"] /confirmation.php?installation=xxxxxx&msgType=authResult
_SERVER["SCRIPT_NAME"] /confirmation.php
_SERVER["PHP_SELF"] /confirmation.php
_SERVER["HTTP_USER_AGENT"] WJHRO/1.0 (WorldPay Java HTTP Request Object)
So it seems that because of the fact that the URL is pointing to a different domain, my script can't access the $_SESSION and $_COOKIE data, nor manipulate it. I don't know how this Worldpay system is doing it, it's not an iframe or anything like that, but I suspect it has to do with the user agent - "WJHRO/1.0 (WorldPay Java HTTP Request Object)"
Is anyone familiar with this? How can I get around this?
Thanks for reading!
Michael