Investigate: Edge case when provided payId is missing or already expired on gateway

[fprochazka]

• https://github.com/csob/paymentgateway/issues/135
• https://github.com/slevomat/csob-gateway/pull/7

[janlanger]

I don't think this issue affects this library. As I understood from your code, you return url with payment/process directly to client and the browser makes the request. We on the other hand make payment/process API call on server and read Location header from response (https://platebnibrana.csob.cz/pay/...).

So with this edge case in Kdyby/CsobPaymentGateway user gets redirected to https://platebnibrana.csob.cz/payment/process, gateway shows HTML page like "Payment not found or expired" and user gets redirected back.

We considered using similar approach, but decided against it, because for one, you cannot detect this issue on server, and also it does not seem very user-friendly :)

[fprochazka]

@janlanger thanks for the info, I didn't have the time to investigate it just yet.

But if you say it works, I'm happy. Less abstraction is in this case a plus, because using this lib doesn't prevent you from achieving the same behaviour :)