We've had a case where a customer was able to pay twice for an order, and have the money taken from their credit card twice. Looking at the log, the first payment timed out:
2014-07-22 11:55 - Transaction sent. VendorTxCode: 1872_0_1872201733
2014-07-22 11:55 - Sage Pay HTTP request failed: -1 request timed out.
I'm not sure what the customer sees in this situation but presumably they're encouraged to try again, because two minutes later a second payment worked fine:
2014-07-22 11:57 - Transaction sent. VendorTxCode: 1872_0_602714877
2014-07-22 11:57 - Transaction authorized. Status: OK etc.
Looking at uc_sagepay.module (line 538 on mine):
if ($response->code != 200) {
$result['message'] = t('Sage Pay HTTP request failed: %error.', array('%error' => $response->code . ' ' . $response->error));
if ($order) {
uc_order_comment_save($order->order_id, $order->uid, $result['message']);
}
return $result;
}
In this case, the response code returned by drupal_http_request is -1 and it seems this should be handled separately from all the normal HTTP response codes. At the very least, if nothing can be done, this needs to be flagged so that we can immediately refund the customer. In this case we didn't spot the problem for several weeks.
Comments
Comment #1
hanoiiThis is an interested use case. I have installed this module in several clients without this issue, but definitely one to consider. I guess your solution of flagging it is ok. Another options is to let the customer know that something odd happened and that he should not do another purchase, but this may make you lose a purchase, so maybe your approach of flagging it is a good one.
Will think about it. I am about to release a 3.x version supporting the new 3.00 protocol and deferred transactions, so this will probably be pushed for after that.
Comment #2
hanoii