Forum Moderators: buckworks
I am in the process of developing a custom shopping cart for our company. As one of our payment options, we will allow our customers to pay through paypal. I am using asp.net to develop the shopping cart and I am now creating the function that passes the customer's shopping cart to PayPal for payment.
I am passing the cart variables throught the URL and we are concerned with people being able to see (and change) the cart information (ie. price) through the URL. Does anyone have any suggestions for us? I realize that I could check the price for each product during the Instant Payment Notification, however, the payment will have already been completed. Also, what do I do if I find out that someone has changed the price of a product? I would like to say that I could keep their money and not send them their order.
If there are any asp.net experts out there, can you tell me how to send my customer's shopping cart variables without using the URL?
Thanks, and I'd appreciate any advice as this is our first forray into e-commerce.
Assumming the did, which is always possible, yes you would have to realize that on the IPN side of the transaction and handle it accordingly. You have the option of not shipping the order, and then manually refunding the payment through paypal (paypal lets you do this for free). You could also tell the user you will refund the payment minus a 5% processing fee if you want. They are attempting to cheat you out of money, so I doubt you'll see them complain too much. I wouldn't outright keep the money though. Thats rather mean IMHO.
