loss of session information 1

[btween]

I have an e-commerce site that works with Verisign's Payflow Link and the problem is when a customer has entered the payflowlink terminal, but presses the back button on the browser, the amount information is lost, and they don't get charged for the order.

The order information is passed from the site to the verisign server via a post.

How can I stop the cutsomer from going back to the website.

I tried using the HTTP_REFERER to say if the request comes from verisign then to redirect back to verisign, but the HTTP_REFERER reflects the previous page on the website rather than the verisign page, so that is no good.

thanks for your help

 

[btgroup]

As a first line of defense, you can add the following javascript onto your page so the user can't go back to a previous page:

<script language="JavaScript">
<!--
window.history.forward(1);
-->
</script>

You should also add the following on the page you don't want the user to go back to:

<% Response.CacheControl = "no-cache" %>>
<% Response.AddHeader "Pragma", "no-cache" %> 
<% Response.Expires = -1 %>

Hope that helps.