[ISSUE] Thank you page can be opened multiple times

[frank-bokdam]

Describe the bug It's possible to visit the thank you page page multiple times (while loading transaction data) when using the mollie/checkout/process url.

Used versions

• Magento Version number(eg 2.3.5): 2.4.6-p2
• Open source/Enterprise/B2b: open source
• Mollie version number (Check configuration): 2.29.1

To Reproduce Steps to reproduce the behavior:

1. Create an order using a mollie payment method.
2. open network tab
3. finish payment
4. copy the url from network tab to controller mollie/checkout/process
5. past this url in different browser.

Expected behavior I would expect to be redirected to cart page, just like what happens when you refresh a page.

Actual behavior Actually the thank you page opens again, resulting in duplicate tracking issues.

Screenshots

Additional context I've ran a debugging session and noticed that while processing the transaction: \Mollie\Payment\Model\Mollie::processTransaction some data is being set in the session in: \Mollie\Payment\Model\Client\Payments::checkCheckoutSession.

As a result the \Magento\Checkout\Model\Session\SuccessValidator::isValid check will return true and thank you page can be loaded again.

I'm also noticing that after just reloading in same browser, the following if statement is false, while true when you visit this from a new browser: vendor/mollie/magento2/Model/Client/Payments.php:513

I was thinking to add an additional check here. For example check if the payment is already processed in magento by checking the mollie_payment_transaction_to_order table.

I'm not entirely sure about other implications here though.

[Frank-Magmodules]

Hi There @frank-bokdam , Thanks for opening this issue with a clear description. Much appreciated. We'll return with more information on this matter shortly.

[Frank-Magmodules]

HI There @frank-bokdam ,

We have conducted a thorough investigation into this matter and discussed our approach. It appears that the thank-you page can be accessed multiple times, which should not impact tracking, as it contains all the relevant IDs. As for the redirection to an empty cart, it may not align with user expectations.

This behavior seems to be part of how Magento currently functions, and personally, I believe it should not be addressed within the Mollie Payment plugin.

We have also considered the possibility of introducing an option to handle this, but we need to investigate the potential impact of such a change. It could affect the order success flow, especially when switching between desktop and mobile, given the complex logic present in both the module and Magento for the success page.

I will provide further updates on this matter at a later time.

[frank-bokdam]

@Frank-Magmodules I don't think we agree here. As mentioned I think the issue lies within the \Mollie\Payment\Model\Client\Payments::checkCheckoutSession method. At line 513 the check is comparing current order with last order in session (which is obviously false in a new browser). IF they are not equal, the order is actually being set again in the session.

This all happens within the mollie module, hence I do think it is an issue with the mollie module.

I'm not sure if I can just fix this comparison though as I do not know implication for webhooks for example.

I'll create a PR for the fix I've now created locally, this still needs thorough testing though. As mentioned, it's hard for me to assess all implications.

[Frank-Magmodules]

Hello @frank-bokdam, I've had a discussion with the team regarding your PR. Unfortunately, we cannot deploy it for broader usage. However, we had another discussion on your topic to explore the possibility of developing a solution that aligns with your needs and addresses the underlying issue.

Before proceeding, we need a clearer understanding of the problem. We'll be investigating whether tools like GA4 indeed consider a double success page as a double conversion. Removing the possibility of opening the success page multiple times could potentially lead to other issues, especially in scenarios like cross-device payments. For instance, i think it's important to display success on both devices to confirm a successful order. Redirecting one device to the cart(?) and the other to the success page could raise even more questions.

I've sent you a direct Slack Message to discuss the options 1:1.

[Frank-Magmodules]

Hi There @frank-bokdam ,

We discussed this a while ago at Meet Magento, and then we went silent for a while. But I’m here to bring some good news: We have implemented this for you within our latest release.

From now on, customers can only open the success page once. When they try to open the page for the second time they get redirected back to the shopping cart. We implemented a different solution, so we are closing this pull request, but we still appreciate your input!

I'm closing both this issue and your PR for now, but please feel free to reopen them if necessary.