Maintaining the same HTTP session for a payment with 3D Secure authentication

Maintaining the same HTTP session for a payment with 3D Secure authentication

The architecture of the payment gateway is based on a set of servers with load balancing.

To make sure the process remains undisrupted, each query associated with the same payment must be made with the same HTTP session.

Therefore, for each createPayment query with 3D Secure authentication (threeDSRequest), a session is created on the server.

The ID of this session must be sent in the HTTP header of the response and returned in the createPayment query in ENABLED_FINALIZE mode.

Here are examples of this operation performed in Java and PHP:

  • In JAVA

    Use the SESSION_MAINTAIN_PROPERTY property after making sure that you set its value to True in order to automatically retrieve the session details associated with the HTTP query and to keep the cookie with the session ID (Standard Java , JAX-WS).

    ((BindingProvider)port).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY,true);

  • In PHP
Here is an example of code for retrieving and transmitting the session id:
/* The following method allows to retrieve the HTTP header of the response 
$/$header= $client -> __getLastResponseHeaders ();
/* In the obtained string, search for the HTTP session ID
, stored in the "JSESSIONID" element : */
if(!preg_match("#JSESSIONID=([A-Za-z0-9\.]+)#",$header, $matches)){
return "No Session ID Returned. " ; //Technical error
} 
$cookie= $matches[1] ) ; 
/*The following method allows to specify the cookies that will be sent in each http header
*/
$client ->__setCookie ("JSESSIONID",$cookie );

This method allows the server to retrieve the contents of the header and transmit them as cookies in the HTTP query.