Jump to content
Larry Ullman's Book Forums

_Session String Destroyed When Returning From Paypal

Recommended Posts

After the user goes to PayPal and makes a successful purchase, the user is redirected back to the "thanks.php" page on my site (in accord with Chapter Six).


But there is no _SESSION information available!  Therefore the "thanks.php" will not run properly, because it doesn't have the user_id or reg_user_id to be able to write it to the database.




Important Note: I am not (yet) using the pdt.php; I'm trying to make it work without it for now.  

Link to post
Share on other sites

If there's no session data available, that would suggest the session cookie is lost or not available. I'd start by making sure that PayPal redirects the user back to the same domain (e.g., from www.example.com to www.example.com not from www.example.com to example.com).  Also make sure that the HTTP/HTTPS is staying the same.

Link to post
Share on other sites

I thought of that too, Larry.  But that doesn't appear to be the problem.  

  • I verified that my website is using https:// on the page where the user clicks the PayPal button.
  • Then I verified that PayPal was redirecting back to: https://www.readinesstest.com/thanks...
  • So it would seem that the user stays within https:// settings the whole time (unless maybe the PayPal sandbox site is not https:// and that is what destroys the sessions?

Any help you or others could offer would be great.  I guess the next step is to try implementing the pdt.php but I'm a little gun-shy at this point...  

Link to post
Share on other sites

And just to confirm (because you didn't mention it), it's www. both times, too?


Keep in mind that PayPal has nothing to do with your sessions or session data. It's the same as if I started a session at my site. Then went to ESPN (in the same browser). Then went back to my site. The session cookie only gets transferred back and forth between my browser and my site. 


Your site destroys the session data based upon many criteria, but that's probably not happening here. You can confirm this by printing out the session ID at every step to see if that changes. 

Link to post
Share on other sites

Resolved with a work-around using cookies.


It looks like this is not such an uncommon problem.  Here is a helpful article:



I went with the cookie solution, but in the future I might experiment with this:


session_save_path('"your home directory path"/cgi-bin/tmp');

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...