The issue discovered was that the redirect url stored in the customer session before redirecting to PayU still exists after PayU sends through to the server the Instant Payment Notification (IPN) payload. At the moment the session data is only cleared when the customer is redirected back to merchant store from PayU. So if the user closes the page while still at PayU gateway, without being redirected from PayU, and subsequently commence with a new checkout, the pre-existing session will still be used. This leads to double processing.
The issue discovered was that the redirect url stored in the customer session before redirecting to PayU still exists after PayU sends through to the server the Instant Payment Notification (IPN) payload. At the moment the session data is only cleared when the customer is redirected back to merchant store from PayU. So if the user closes the page while still at PayU gateway, without being redirected from PayU, and subsequently commence with a new checkout, the pre-existing session will still be used. This leads to double processing.