Solved

Postback from third party and updated client browser

Posted on 2014-03-24
10
404 Views
Last Modified: 2014-03-25
I am trying to wrap my head around a secure process for handling payments with CyberSource (a payment processor).

The setup has been approved by our company security group to work as follows:
1.) client requests a page with a CC form
2.) client fills out and submits the CC form via AJAX call and directly POSTs to CyberSource
3.) CyberSource does it's thing and returns a code and description from the result to the server
4.) The server must identify that the postback from CyberSource relates to a particular client and then update that client's browser with the appropriate message (success, error, etc..)

I'm having a hard time figuring out how I can proactively send a message to an existing browser session without a request originating from that client's browser. Does anyone have some light they can shed on this?

I figure an alternative could be a client-side timer that pings the server and checks the database to see if a postback has been received, but that seems inefficient and would add a lot of server load.
any ideas? is there a particular term or protocol that I should be looking up that describes my desired setup?
Thanks!
0
Comment
Question by:dale_abrams
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 39952149
Number 2 would be very unusual - that would mean exposing your security details.

Normal scenario, if you don't want to post the form, is to send the ajax request to your server, have your php script make the call to the api, wait for the response from CyberSource and then send a response back to the browser.
Ajax has a callback method that will wait for the response so there is nothing you need to do but let the code wait for a response and in your js have a routine to handle the callback when it arrives.
0
 
LVL 1

Author Comment

by:dale_abrams
ID: 39954095
Hi Gary,
I work for a large company with a security group that has a lot of oversight on the way that applications are set up. They have specified that they do not want the payment info to touch our servers, so the setup where the client posts to our server and then we forward to CyberSource is not an option. Do you have any ideas regarding how i can push an update to a client browser after my server receives the post back from CS?
Thanks,
Dale
0
 
LVL 58

Expert Comment

by:Gary
ID: 39954130
The comment above still applies, just changing the post to their server.
The ajax will wait for the callback response and in the callback you do whatever with the response.
Are you using jQuery or plain javascript?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:dale_abrams
ID: 39954154
Unfortunately, your suggestion isn't an 'approved' method because the client could potentially manipulate the decision data before it gets back to our servers. I have actually proposed both of your suggestions and they have been shot down. The only approved method I can work with is to have CS post back to our server and then I push an update to the client browser, or, as I mentioned above, to set up a timer that pings the server from the client to see if the post back has been received.

I am using jQuery and AJAX calls.
Thanks,
Dale
0
 
LVL 58

Expert Comment

by:Gary
ID: 39954169
So you want to send the result to CyberSource's server but receive the response back to your own server?
How does CyberSource send the response? Is it a postback to a page on your server with no response sent back to the ajax call.
0
 
LVL 1

Author Comment

by:dale_abrams
ID: 39954174
That is correct. I provide CS with our server page to receive the response and then have to find a way to push this out to the client. So far, the method where I continually ping is the only way I can come up with.
0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 39954212
The only other way, which is kinda similar, is long polling.  Create a connection and keep it open til it receives a response from your server.
http://techoctave.com/c7/posts/60-simple-long-polling-example-with-javascript-and-jquery

I cannot think of any other way of doing it.
0
 
LVL 1

Author Closing Comment

by:dale_abrams
ID: 39954367
Your link was helpful with the different types of polling. I think I'm going to have to resign to polling being that I've never heard of a true push mechanism. Thanks for your help Gary!
0
 
LVL 58

Expert Comment

by:Gary
ID: 39954377
There is HTML5 sockets, but that is reliant on an HTML5 browser and quite a bit more work setting it up.  It's not something I would bother with for the likes of this.
0
 
LVL 1

Author Comment

by:dale_abrams
ID: 39954496
Yeah, I saw that. I need to have it working on all browsers. Taking payments is too imperative to only work on some of them. Thanks!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This video teaches users how to migrate an existing Wordpress website to a new domain.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question