locked
Is it safe to use Session[] in PayPal transaction or should I pass a verification token via URL? RRS feed

  • Question

  • User-1134857695 posted

    Sup people! 

    I've been reading this article: 

    www.asp.net/web-forms/overview/getting-started/getting-started-with-aspnet-45-web-forms/checkout-and-payment-with-paypal

    And went ahead and implemented PayPal in my site through Moolah (https://github.com/davidduffett/Moolah). But between PayPal sessions I need to pass a couple of variables and validate if the user has gone through each of the steps in order to proceed. 

    Since, I've read all over the place (specially this forum, thanks to brockallen) that Session[] should be avoided when possible due to the possibilities of getting lost in a thread refresh (and that asp.net article is using it all over the place). I was wondering how safe it was to pass an encrypted URL and decrypt it in my end? It is the only two ways I could come up with, on how to use them. 

    Thanks.

    Monday, February 15, 2016 6:12 PM

All replies

  • User-1134857695 posted

    Perfect! PayPal has a custom field for sending this kind of things. 

    Instead of Session[] I have used cookies successfully in order to track the steps that the user is taking for completing an order. If the unfathomable decides to break between the processes he'll receive a nice nag :) 

    Tuesday, February 16, 2016 2:00 AM