PayPal keeps sending the verifications repeatedly to myIPNNotificationURL for the same transaction even if the transaction is VERIFIED and COMPLETED
Inside my IPN handler URL I'm using Coldfusion CFHTTP to send the postback.
<cfhttp url="https://www.sandbox.paypal.com/cgi-bin/webscr?#loc.parameters#" method="get" resolveURL="false"></cfhttp>
This is my dump of the CFHTTP
Charset UTF-8
ErrorDetail [empty string]
Filecontent VERIFIED
Header HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Connection: close Set-Cookie: c9MWDuvPtT9GIMyPc3jwol1VSlO=TidDQytX4Sb52iFHJKvjfI2whU4adLlGiAPXsPFEMmDmeS2Gsg2Eb7BNm3BjrA2Gue9mW-aj4vTUqQgz6oDgnabKNi7ofv3-I5JSyQeDuVt1UmStDFX5k4BbJ2zaV0vgqxnT9G%7coTXCj1bknWC4bbsgnuwe8gNbfVI6zAwERp8Q5qY5kgyEjNl-y_ztsX81v3pMhATPl635-0%7c9yK10cUCi5fnPGd4soVpbcOX5PMUX8Dci5UFV83sk8tpib4MnSIDumavWGAUX7Ih9AEG80%7c1310056764; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: cookie_check=yes; expires=Sun, 04-Jul-2021 16:39:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navlns=0.0; expires=Wed, 02-Jul-2031 16:39:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: Apache=10.72.109.11.1310056764157096; path=/; expires=Sat, 29-Jun-41 16:39:24 GMT Date: Thu, 07 Jul 2011 16:39:24 GMT Server: Apache
Mimetype text/html
Responseheader
struct
Connection close
Content-Type text/html; charset=UTF-8
Date Thu, 07 Jul 2011 16:39:24 GMT
Explanation OK
Http_Version HTTP/1.1
Server Apache
Set-Cookie
struct
1 c9MWDuvPtT9GIMyPc3jwol1VSlO=TidDQytX4Sb52iFHJKvjfI2whU4adLlGiAPXsPFEMmDmeS2Gsg2Eb7BNm3BjrA2Gue9mW-aj4vTUqQgz6oDgnabKNi7ofv3-I5JSyQeDuVt1UmStDFX5k4BbJ2zaV0vgqxnT9G%7coTXCj1bknWC4bbsgnuwe8gNbfVI6zAwERp8Q5qY5kgyEjNl-y_ztsX81v3pMhATPl635-0%7c9yK10cUCi5fnPGd4soVpbcOX5PMUX8Dci5UFV83sk8tpib4MnSIDumavWGAUX7Ih9AEG80%7c1310056764; domain=.paypal.com; path=/; Secure; HttpOnly
2 cookie_check=yes; expires=Sun, 04-Jul-2021 16:39:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
3 navcmd=_notify-validate; domain=.paypal.com; path=/; Secure; HttpOnly
4 navlns=0.0; expires=Wed, 02-Jul-2031 16:39:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
5 Apache=10.72.109.11.1310056764157096; path=/; expires=Sat, 29-Jun-41 16:39:24 GMT
Status_Code 200
Statuscode 200 OK
Text YES
Also I've use the (IPN) simulator from Paypal and it gives me this error message: IPN delivery failed. HTTP error code 404: Not Found
If they are sending multiple requests to you're myIPNNotificationURL, meaning they're hitting that URL multiple times for the transaction. Luckily those transaction IDs are unique. The key here is recognizing when you have a duplicate so you can treat it as such.
You could write a script that would store these into a stateful object (database or application scope) for a period of time so that you could recognize duplicates.
Once you know you have a dupe, you can ignore it. I don't know how or what they're sending you as far as post values, if you post them I can whip up some sample code.
Sorry guys the issue was with my framework.
Related
need to get some cookie out from the Set-Cookie and pass the cookie in next request header's cookie. The sample Set-Cookie is like:
Set-Cookie:
AWSALB=8KRpAv...hpOJQm; Expires=Thu, 29 Dec 2022 13:45:03 GMT; Path=/
AWSALBCORS=8KRpAv...pOJQm; Expires=Thu, 29 Dec 2022 13:45:03 GMT; Path=/; SameSite=None; Secure
OTHER_BROWSER=1qpa...5a4jn; Domain=google.com; Path=/; Secure; SameSite=None
When trying to get the Set-Cookie
HttpURLConnection connection = url..openConnection();
... ...
String response_header_setCookie = connection.getHeaderField("Set-Cookie");
// the response_header_setCookie has only OTHER_BROWSER=1qpa...5a4jn; Domain=google.com; Path=/; Secure; SameSite=None
It returns "the latest" added one only.
Question:
How to selectively extract some of the cookies from "Set-Cookie" (i.e. by the cookie name AWSALB)?
How get the cookie part only (cut off the Domain/path etc.)? Is it safe to use the first ";"? theSingleCookieValue.substring( 0, theSingleCookieValue.indexOf(";")+1);
I'm using EWS GetItem operation to fetch data from exchange server, but i've got following error
Error 401 fault: SOAP-ENV:Server[no subcode]
"HTTP Error"
Detail: HTTP/1.1 401 Unauthorized
However my login credential are correct, since those are works well with findItem request and response, but when GetItem request goes to server it give above error. My credentials are like:
soap *pSoap = proxy->soap;
proxy->soap_endpoint = "https://outlook.office365.com/ews/exchange.asmx";
pSoap->userid = "abcd#abcd.onmicrosoft.com";
pSoap->passwd = "abcd1234";
And Received log are like
HTTP/1.1 200 OK
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/8.0
request-id: b66330dd-37a5-40c0-946f-12a204b2eacb
Set-Cookie: ClientId=OVJLSVEMECIIUMMAXM9JA; expires=Thu, 22-Sep-2016 18:00:57 GMT; path=/; secure; HttpOnly
X-CalculatedBETarget: SG2PR06MB1165.apcprd06.prod.outlook.com
X-BackEndHttpStatus: 200
Set-Cookie: exchangecookie=fa26578c8e659cf1ccc3f50b3a83; expires=Fri, 23-Sep-2016 18:00:58 GMT; path=/; HttpOnly
x-EwsHandler: FindItem
X-AspNet-Version: 4.0.30319
X-DiagInfo: SG2PR06MB1165
X-BEServer: SG2PR06MB1165
Set-Cookie: ClientId=OVJLSVEIIUMMAXM9JA; expires=Thu, 22-Sep-2016 18:00:57 GMT; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: SG2PR03CA0031
Date: Wed, 23 Sep 2015 18:00:58 GMT
Connection: close
17d
<?xml version="1.0" encoding="utf-8"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header><h:ServerVersionInfo MajorVersion="15" MinorVersion="1" MajorBuildNumber="268" MinorBuildNumber="21" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
1e8
</s:Header><s:Body><m:FindItemResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><m:ResponseMessages><m:FindItemResponseMessage ResponseClass="Success"><m:ResponseCode>NoError</m:ResponseCode><m:RootFolder TotalItemsInView="2" IncludesLastItemInRange="true"><t:Items><t:Message><t:ItemId Id="
edAQAfAGNvObtNFsAAAA==" ChangeKey="CQfwjm7TRbAAAAAAWl"/></t:Message><t:Message><t:ItemId Id="
133AQAfAGCObtNFsAAAIFUAAAAA==" ChangeKey="CQAAABYAAACZNImAAAAAWT"/></t:Message></t:Items></m:RootFolder></m:FindItemResponseMessage></m:ResponseMessages></m:FindItemResponse>
</s:Body></s:Envelope>
/* This below log for getItem Request*/
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/8.0
request-id: 7a1a654c-fa72-46b0-ab76-a6045c576d9f
Set-Cookie: ClientId=H8THXUH0BECF9HJMTXHEW; expires=Thu, 22-Sep-2016 18:01:01 GMT; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: SG2PR03CA0003
WWW-Authenticate: Basic Realm=""
Date: Wed, 23 Sep 2015 18:01:00 GMT
Connection: close
Content-Length: 0
What could be possibly wrong here, why one request pass and another fail? any idea? thank you.
I got it!!, it's error occurs just because of my second request not able to login on the exchange server. since i've provided my credentials only once, So when findItem Response come, connection with the server is 'closed' and my next subsequent request not able to login. so i've to login once again to the server.
I have two subdomains, local-api.domain.com and local-web.domain.com
local-web.domain.com has a page (local-web.domain.com/test/authtest) that calls out via AJAX to a login service (local-api.domain.com/authentication/login) on local-api.domain.com. The login checks the user's posted credentials, and if they're valid then logs the user in via ASP.Net forms auth. Here is a sample raw response that comes back from the service:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Set-Cookie: token=dsaaflkdaflkxEfrLEUH2Bsfdsjfdksfjdsklfj; expires=Sat, 11 Jan 2014 00:16:04 GMT; domain=.domain.com; path=/; httponly
Access-Control-Allow-Origin: http://local-web.domain.com
Access-Control-Allow-Credentials: true
Set-Cookie: .ASPXAUTH=E18F1521FFF70FDFD60444F6EA791D28DDF1010F907D35DD13CDA7E2698CE9DCFB50A25853A5BCFEA0E21820A0760D8412D517548F59344EDDA052DD6D7BD7DDB1D47D011F2EFE3B58B6B2690B370D54C560FC6FA3B0990190E0CB8A8B4CC80BEA925CA928256C78C502E74444566785C95EDC399777B3CB0D2AAFFD219B3ED5; domain=.domain.com; path=/; HttpOnly
Set-Cookie: Visitor=acfbc21b-6259-4000-809d-7dbc72db8309; domain=.domain.com; expires=Sat, 10-Jan-2015 00:16:04 GMT; path=/; HttpOnly
Set-Cookie: Visit=78406825-adf1-4224-af57-0350136a5fc6; domain=.domain.com; path=/; HttpOnly
Set-Cookie: Culture=en; domain=.domain.com; expires=Sat, 10-Jan-2015 00:16:04 GMT; path=/; HttpOnly
Date: Fri, 10 Jan 2014 00:16:04 GMT
Content-Length: 122
{"token":"dsaaflkdaflkxEfrLEUH2Bsfdsjfdksfjdsklfj","firstName":"Steve","lastName":"Smith"}
However, when I reload the page; I find that the cookie that was set in the response is not there. Further investigation with Chrome Developer Tools finds that the cookie doesn't even get saved after the login response; even though there is a Set-Cookie header.
I'm not sure what I'm doing wrong here. Going by similar questions on the site and their responses; I believe I have everything set up properly for the cookie to be saved and resent across my subdomains. Been Googling for last hour but haven't found anything. Any ideas?
As reproduced on Charles Proxy application,
Replacing httponly with HttpOnly on the conflict cookie did work fine.
I think that's the issue.
I have set withCredentials = true, and I get the following headers from the server
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept,Origin,Referer
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:.mydomain.com
Connection:keep-alive
Content-Type:application/json
Date:Tue, 06 Aug 2013 12:37:47 GMT
Server:nginx/1.1.19
Set-Cookie:sessionid=zjn8naedymjj6mm0aqjgxljbs3u1njzf; expires=Tue, 20-Aug-2013 12:37:47 GMT; httponly; Max-Age=1209600; Path=/
Transfer-Encoding:chunked
Vary:Cookie
but the cookie doesn't get set or transmitted on next request.
It turned out that I can't just use .domain.com (wildcard) with Access-Control-Allow-Origin, and I have to use `http://exact.subdomain.example.com'
I'm sure I must be doing something wrong. But can't for the life of me figure out what is going on.
I have a problem where it seems that the HttpWebRequest class in the framework is not correctly parsing the cookies from a web response.
I'm using Fiddler to see what is going on and after making a request, the headers of the response look as such:
HTTP/1.1 200 Ok
Connection: close
Date: Wed, 14 Jan 2009 18:20:31 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Set-Cookie: user=v.5,0,EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O001000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/
Set-Cookie: minfo=v.4,EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: accttype=v.2,3,1,EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89$98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: linfo=v.4,EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Set-Cookie: group=v.1,0; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Content-Type: text/html
But when I look at the response.Cookies, I see far more cookies that I am expecting, with values of different cookies being split up into different cookies.
Manually getting the headers seems to result in more wierdness
eg: the code
foreach(string cookie in response.Headers.GetValues("Set-Cookie"))
{
Console.WriteLine("Cookie found: " + cookie);
}
produces the output:
Cookie found: user=v.5
Cookie found: 0
Cookie found: EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O00
1000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/
Cookie found: minfo=v.4
Cookie found: EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0
F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$
D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: accttype=v.2
Cookie found: 3
Cookie found: 1
Cookie found: EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89
$98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: tpid=v.1
Cookie found: 20001; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: linfo=v.4
Cookie found: EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
Cookie found: group=v.1
Cookie found: 0; expires=Sunday
Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/
as you can see - the first cookie in the list raw response:
Set-Cookie: user=v.5,0,EX01E508801
is getting split into:
Cookie found: user=v.5
Cookie found: 0
Cookie found: EX01E508801E$..........
So - what's going on here?
Am I wrong?
Is the HttpWebRequest class incorrectly parsing the http headers?
Is the webserver that it spitting out the requests producing invalid http headers?
Commas in cookie values are to be avoided - you may need to encode them differently.
The original netscape spec for cookies was a little vague on this issue, stating
NAME=VALUE :
This string is a sequence of characters excluding semi-colon, comma
and white space. If there is a need to
place such data in the name or value,
some encoding method such as URL style
%XX encoding is recommended, though no
encoding is defined or required.
recommended, but not required!
It seems that the server sends incorrect cookie values. IMHO commas are not allowed in cookie values. They need to be encoded with %2C.
you may want to use the integer overload of GetValues(i); you should only get back 7 strings then