one purchase per session?

[theotrain]

im making a checkout page. on a best practices document provided by the payment processor, it says this:

if you host a payment form page, implement controls to restrict its use to one authorization per order session.

i assume this means fix it so the customer cannot submit multiple orders by mistake, by somehow checking the session is different for each order? am i interpreting that correctly, and how would you do that in coldfusion? what do you guys do to make sure there arent any problems in this area? i'd like to do it right!

thanks

 

[theotrain]

i found out that the payment processor (authorize.net) automatically does this. it defaults to a time of 2 minutes in which submissions from the same session are disallowed, but the time can be set to whatever you want.

so i dont know what they mean by the above, which also comes from authorize.net, but im going to assume it isnt critical.

 

[powella]

I wouldn't take it to mean a literal session (ie CF session). You don't want them to hit the back button and submit the payment again as that would almost never be intentional and you wouldn't want the hassle of a double charge. On the other hand you don't want to prevent the user from starting a new order for different or same parts (maybe they are shipping them to different locations, etc).

So one payment (ie authorization) per distinct "order" not CF session.