How to restore the SessionID

[Alberto]

Hi,
Im calling a URL for payment to MercadoPago , posting a jSon to a URL like:
https://www.mercadopago.com.ar/checkout/v1/redirect?pref_id=55501893-1b62ecfe-ce4c-4448-bd37-3c2bc782a2b3

Im sending it the SessionID as a variable 'external_reference' inside the jSon and it is returned from the payment page returning to a NT proc called MercadoPago_Failure
The Log is:

GET /MercadoPago_Failure?collection_id=null&collection_status=null&external_reference=124738790&payment_type=null&merchant_order_id=null&preference_id=55501893-3d5118bd-09a2-4a05-91f2-83c7a25dadeb&site_id=MLA&processing_mode=aggregator&merchant_account_id=null HTTP/1.1
Host: 192.168.1.111:88
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: es-AR,es;q=0.9,es-419;q=0.8,en;q=0.7
Cookie: LOC__REMEMBER=1; USER_TYPE=; LOC__EMPRESA=wsami-arm-1279-2009; LOC__PASSWORD=123; LOC__LOGIN=armi

As you can see theres no SESSIONIDX cookie

Im trying to set it back using

p_web.sessionID = p_web.GetValue('external_reference")

It seams to work in the MercadoPago_Failure proc but whe I click in a link to another page called mEcommers
using HTML:
<a href="mEcommers">Continuar</a>

The log is:

GET /mEcommers HTTP/1.1
Host: 192.168.1.111:88
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.111:88/MercadoPago_Failure?collection_id=null&collection_status=null&external_reference=124738790&payment_type=null&merchant_order_id=null&preference_id=55501893-3d5118bd-09a2-4a05-91f2-83c7a25dadeb&site_id=MLA&processing_mode=aggregator&merchant_account_id=null
Accept-Encoding: gzip, deflate
Accept-Language: es-AR,es;q=0.9,es-419;q=0.8,en;q=0.7
Cookie: LOC__REMEMBER=1; USER_TYPE=; LOC__EMPRESA=wsami-arm-1279-2009; LOC__PASSWORD=123; LOC__LOGIN=armi; SESSIONIDX=141849643


The SESSIONIDX cookie is wrong and then the user becomes disconnected.

How to solve this?

[Bruce]

The fact the cookie is missing is perhaps in play here.
ie you start on (presumably)
192.168.1.111:88
presumably if you navigate here for a bit you'll see a cookie?

Then you go to
https://www.mercadopago.com.ar/checkout/v1/redirect?pref_id=55501893-1b62ecfe-ce4c-4448-bd37-3c2bc782a2b3

which ultimately redirects you back to 192.168.1.111:88
At which point the cookies for that site should appear. And do for
Cookie: LOC__REMEMBER=1; USER_TYPE=; LOC__EMPRESA=wsami-arm-1279-2009; LOC__PASSWORD=123; LOC__LOGIN=armi

So the first question becomes - why no Session cookie here? I think that's perhaps the root of the issue.
Are you coming back in the same browser tab? Are you coming back directly, or via some link in email etc?

cheers
Bruce

[Alberto]

I go to:
https://www.mercadopago.com.ar/checkout/v1/redirect?pref_id=55501893-1b62ecfe-ce4c-4448-bd37-3c2bc782a2b3
posting a jSon
In the same browser tab.
In that jSon I indicate where it has to go back
"back_urls": {
   "failure": "http://192.168.1.111:88/MercadoPago_Failure",
},

From this site, Mercado Pago is comming back to:
192.168.1.111:88/MercadoPago_Failure?collection_id=null&collection_status=null&external_reference=124738790&payment_type=null&merchant_order_id=null&preference_id=55501893-3d5118bd-09a2-4a05-91f2-83c7a25dadeb&site_id=MLA&processing_mode=aggregator&merchant_account_id=null HTTP/1.1

Now we are in MercadoPago_Failure proc which is a NetWebPage
At this point, having sent the SessionID in external_reference, I use
p_web.sessionID = p_web.GetValue('external_reference")
at the start of the proc code gettin it back
and I can save the success or failure using p_web.gsv() without problem.

In the HTML code of the proc I have:
<a href="mEcommers">GO</a>

And when the user clicks on 'GO' Nt goes to the  mEcommers page without sessionid.

Problem is when I go from MercadoPago_Failure using a html link to another server proc.

PD:Ive tested <a href="mEcommers?SessionID=xxxxx">GO</a>
and I got the same problem.

[Bruce]

That's nice, but you didn't answer my question;

>> So the first question becomes - why no Session cookie here?

If the browser is making a request to the server, then you should see the cookie. I'm wondering why it's not there...

cheers
Bruce

[Alberto]

>> So the first question becomes - why no Session cookie here?

I dont have no idea, I just go to Mercado Pago,
they return to my page and the cookie is gone.
I tryed to solve this sending the SessionId as a Value and when it returns
I restore it , save the results of MercadoPago in the session variables with no problem and when I go to another NT page the sessionID is gone.

Then Again, how do I restore the sissionID value for all the NT app?
Can I save this cookie?
I think this way the problem is sorted out.

Why this <a href="mEcommers?SessionID=xxxxx">GO</a> does not work either?

[Matthew51]

I'm running into a similar problem in almost the exact same situation. I'm using Global Payments as my payment processor.

My payment page is placed inside an iFrame using the Media form element. My callback page is a NetWebPage and gets posted to, I see yours is a get but I don't think that'll make a difference.

I also get no cookie at all in my callback.

My solution was similar to yours, post the sessionID to the payment gateway, and they sent it back. I set it to p_web.SessionID and it worked for me. I think the difference may be the iFrame is somehow protecting the cookie for future page requests. If that doesn't work you could try p_web.SetCookie and that should override the new sessionID.

I tried putting code before the parent call of _FindSessionID, but the value queue isn't read in at this point, and I don't want to pars every request a second time to see if it has a sessionID.

Also for extra security I encrypt and URL Base64 encode my sessionID before sending it to the processor.

I do get an unused Session, but that's not a big deal as we just got their money.

[Alberto]

Thanks Matthew51 !!!
SetCookie did the trick!
Cheers