--- Raditha Dissanayake <[EMAIL PROTECTED]> wrote: > What happens is that the gateways include your page instead of posting > to your page. > > For example if you visit a site that uses worldpay as a payment service > provider you will see their banner on the thank you page after > payment is made. In such cases the header functions will not work > because it's too late to send them.
In case this wasn't clear, I can elaborate... Let's use some fake domains: 1. payment.org - the payment processor 2. yoursite.org - your Web site As a user, I want to buy something from yoursite.org, and you use a payment processor for this purpose. I click a link from your site to theirs, so http://payment.org/... is displayed in my browser. I enter some credit card ifnormation, and click the button, and this happens: 1. payment.org verifies my information, charges my credit card, etc. 2. payment.org sends an HTTP request (typically a POST) to a URL at yoursite.org, where you receive payment notifications. You make the output of this page appropriate for the end user. 3. payment.org displays the output of your page to the user. So, after I (the user) click the submit button, I see a "thank you" page of some sort that was generated by yoursite.org. However, my browser still shows that I am on payment.org's Web site. To recap, payment.org is playing the role of a Web client (browser, for example) when communicating with yoursite.org's payment notification page. It uses the output of this page (the HTTP content) to use when it communicates back to the user, at which time it is playing the more typical role of a Web server. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming mid-2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
