Silent Url Return Post Shopping Cart

I am having problem with my application sending me an email. I am using verisign payflow link for processing my shopping cart. When the transaction is complete it sends a silent post (returning the following form variables found below) to a page with the following code. However I want it to email me the contents of the cart which can be found in bold blue. When I put this code(found in blue) into the <cfmail> tags it doesn't go through (must give some error). Does anyone have any idea or experience with this. I have contacted verisign support and they don't have any solution as of yet so I thought I would post there here and see if anyone had run accross anything like this. Thanks

<cfoutput><cfloop from="1" to="#ArrayLen(Session.Cart)#" index="ThisItem">
<cfquery name="geItem" datasource="members">
SELECT item_price,itemid,item_name,item_options, memberprice,
fishdogprice FROM items WHERE itemid = "#Session.Cart[ThisItem].ItemID#"
</cfquery>
Item ID: #Session.Cart[ThisItem].ItemID#
Item Qty: #Session.Cart[ThisItem].Qty#
Item Name: #geItem.item_name#
Item Price: #geItem.fishdogprice#
<cfif isDefined("Cookie.UserID")>
Member Price: #geItem.memberprice#</cfif>
<br></cfloop>
<cfset Variables.mytotal = "#Session.ordertotalnotaxnosh#"><br>
mytotal: #Variables.mytotal#<br>
Shipping Charge: #Session.shippingcharge#<br>
Tax applied: #DollarFormat(Session.amountoftaxes)#<br></cfoutput>
<cfif isDefined('Form.AMOUNT')><cfmail to="erikdalton@domain.com" from="test@domain.com" subject="testworked">the test worked<br>#Form.AMOUNT#</cfmail>
<cfmail to="info@domain.com" type="html" bcc="erikdalton@domain.com" from="orders@domain.com" subject="New order">
Shipping Information:<br>
Name: #Form.NAMETOSHIP#<br>
Address: #Form.ADDRESSTOSHIP#<br>
City: #Form.CITYTOSHIP#<br>
State: #Form.STATETOSHIP#<br>
Zip: #Form.ZIPTOSHIP#<br>
Phone: #Form.PHONETOSHIP#<br>
Amount: #Form.AMOUNT#
</cfmail><cfelse><cfmail to="erikdalton@domain.com" from="testfailed@domain.com" subject="testfailed">the test failed<br>#Form.AMOUNT#</cfmail></cfif>

Well the first thing to do is test it yourself. When YOU run it does it work?

When I just run the page like it is shown below, it outputs everything just fine. then gives the error of Form.Amount is undefined, which is fine because I am just running the page (it is not receiving the post data from the verisign silent post url page). However, when I run a transaction all the way through I am not sent anything, meaning the page must have had an error when verisign sent the silent post to it, but I don't get to see what the error was since it is a silent post. When the user clicks on the return to site button on the transaction complete page, it sends the exact same data to a different page on my site with the exact same code as below, and everything works fine. This doesn't make since to me.

Set up a test harness and run it that way. Write a tst_mypage.cfm file that sets up all the variables that your real page will need, and then cfinclude the target (ie "real") page. If you've correctly set up all the variables in the test harness, your page should execute with no errors.

Ok so I did what you suggested (create an include page), and if I just type it into the address bar of the browser it works fine. I get the email with all of the information. However, when I processed the transaction through verisign it only sent me the data that was in the page which was not in the included page. When trying to figure out why this was so, I put in a test of <cfif isDefined('Session.Cart')> before the code on the page which has the include within it (i.e. the silent return post url page set in verisign) and i didn't get an email at all meaning that this check must fail when verisign sends the post data to the page. I know this is confusing, but I don't understand how this is possible. The session is still defined. I am waiting a response from verisign still.

SilentPostPage.cfm (page setup in verisign)
page must fail when this check is included
<cfif isDefined('Session.Cart')><cfif not IsDefined('Form.AMOUNT')><cfset #Form.AMOUNT#=''></cfif><cfif isDefined('Form.AMOUNT')>
<cfif not IsDefined('Form.NAMETOSHIP')><cfset #Form.NAMETOSHIP#=''></cfif>
<cfif not IsDefined('Form.ADDRESSTOSHIP')><cfset #Form.ADDRESSTOSHIP#=''></cfif>
<cfif not IsDefined('Form.CITYTOSHIP')><cfset #Form.CITYTOSHIP#=''></cfif>
<cfif not IsDefined('Form.STATETOSHIP')><cfset #Form.STATETOSHIP#=''></cfif>
<cfif not IsDefined('Form.ZIPTOSHIP')><cfset #Form.ZIPTOSHIP#=''></cfif>
<cfif not IsDefined('Form.PHONETOSHIP')><cfset #Form.PHONETOSHIP#=''></cfif>
<cfmail to="erikdalton@domain.com" from="test@domain.com" subject="testworked">the test worked<br>#Form.AMOUNT#</cfmail>
<cfmail to="info@domain.com" type="html" from="orders@domain.com" subject="New order">
<cfinclude template="Checkoutinclude.cfm"><br>
Shipping Information:<br>
Name: #Form.NAMETOSHIP#<br>
Address: #Form.ADDRESSTOSHIP#<br>
City: #Form.CITYTOSHIP#<br>
State: #Form.STATETOSHIP#<br>
Zip: #Form.ZIPTOSHIP#<br>
Phone: #Form.PHONETOSHIP#<br>
Amount: #Form.AMOUNT#
</cfmail><cfoutput><cfinclude template="Checkoutinclude.cfm"></cfoutput><cfelse><cfmail to="erikdalton@domain.com" from="testfailed@domain.com" subject="testfailed">the test failed<br>#Form.AMOUNT#</cfmail></cfif></cfif>

Checkoutinclude.cfm:
<cfif isDefined('Session.Cart')><cfloop from="1" to="#ArrayLen(Session.Cart)#" index="ThisItem">
<cfquery name="geItem" datasource="members">
SELECT item_price,itemid,item_name,item_options, memberprice,
fishdogprice FROM items WHERE itemid = "#Session.Cart[ThisItem].ItemID#"
</cfquery>
<cfoutput>Item ID: #Session.Cart[ThisItem].ItemID#</cfoutput>
<cfoutput>Item Qty: #Session.Cart[ThisItem].Qty#</cfoutput>
<cfoutput>Item Name: #geItem.item_name#</cfoutput>
<cfoutput>Item Price: #geItem.fishdogprice#</cfoutput>
<cfif isDefined("Cookie.UserID")>
<cfoutput>Member Price: #geItem.memberprice#</cfoutput></cfif>
<br></cfloop>
<cfset Variables.mytotal = "#Session.ordertotalnotaxnosh#"><br>
<cfoutput>mytotal: #Variables.mytotal#</cfoutput><br>
<cfoutput>Shipping Charge: #Session.shippingcharge#</cfoutput><br>
<cfoutput>Tax applied: #DollarFormat(Session.amountoftaxes)#</cfoutput></cfif>

sessions are tracked by cookie values for cfid and cftoken. These are usually kept as cookie variables but if cookies aren't available they must be passed as URL variables. I speculate that when Verisign executes the POST back to your CF app it isn't passing the ID and token and therefore the app has no idea which session you are referring to. You'll need to pass the CFID and CFTOKEN in the URL that Verisign is posting to in order for this to work.

But see it seems to me that if that was the case, then why would the regular return url page coming from verisign which passes the exact same form values work.

So here's what I did:
I used two of the hidden fields in the form which I post to verisign when someone is ready to process a transaction.

Then I set <cfset Cookie.CFID = 'Form.USER1'> and
<cfset Cookie.CFTOKEN = 'Form.USER2'>

with USER1 and USER2 being the variables that I passed to verisign and they then pass them back to me in the silent post. I know these values are passed correctly, because I have tested the output just to make sure. So the question I have is then how do I get my application to know which session I am referring to with the above cfsets because this didn't work and I can't control what verisign sends me anymore than this. Is there any other way to force the application to know to use this CFID and CFTOKEN in the way in which I am passing the values to the form and the way verisign is passing them back to me.

I also thought about setting the Silent Post return url field in verisign set to http://www.domain.com/CheckoutSilentPost.cfm?CFID='Form.USER1'&CFTOKEN='Form.USER2'

A. shouldn't this technically work. I am testing it now
B. still how would I let the application know to use these

Thanks for all of your help

Well this clearly isn't going to work:

<cfset Cookie.CFID = 'Form.USER1'> and
<cfset Cookie.CFTOKEN = 'Form.USER2'>

First, that is setting the cookie values to the STRING values "form.user1" and "form.user2", which means nothing. You would want this:

<cfset Cookie.CFID = Form.USER1> and
<cfset Cookie.CFTOKEN = Form.USER2>

And that would only work if the posted form fields for user1 and user2 contain a valid CFID and CFTOKEN, respectively.

Again, I would set up some sort of test for this that exactly mimics the form post done by Verisign. Build your own form and submit it to your action page just as Verisign will. Just make sure you are posting valid ID and Token values.

how do you make sure that the CFTOKEN AND CFID values are valid, because I did what you said and the values which are emailed to me and not the same as the ones I find in the cookie saved to the computer.

If the values that Verisign is posting back are different, then you aren't sending the correct values when you hand processing off to Verisign. I speculate you'll have to post them as hidden form fields when you make your post to Verisign, and then confirm that when Verisign sends processing back to your app that the same values are being posted back.

You might consider just having Verisign redirect the actual user back to your application, and then do your emailing or whatever. That way you know that when the client's browser comes back to your site that their CFID and CFTOKEN cookie values are still intact.

I can confirm that the CFID and CFTOKEN values are correctly passed to and from Verisign. I just got off the phone with a verisign rep and he said that the regular return url post keeps the session flow going from one page to the next, where as the silent post url creates a new socket behind the scenes and post the data information, thus the session is lost. Is there code that lets the application know to use this CFID and this CFTOKEN because the <cfset Cookie.CFID = Form.USER1> and <cfset Cookie.CFTOKEN = Form.USER2> alone doesn't tell it anything, because I have it passing correctly, but I don't know what to tell the application when those values(CFID and CFTOKEN) are sent back so that the application knows which session I am referring to.

That's exactly what's happening (what Verisign said). The session is being lost. You could try using <cfcookie> to set the cookie based on the ID and Token that Verisign is passing back. Or try copying them to the URL scope (url.cfid and url.cftoken). You could also see if Verisign can append the actual ID and Token to the URL query string when it initiates the request back to your application.

Note that you previously said that the id and token that verisign was sending was NOT the same as the original session. Are you now saying they ARE the same?

yea they are the same, I was working off of two different machines right next to each other and forgot about that. Verisign guy said they won't let you append anything to the url query string (he stated it was a security issue).

How would I do this:
"You could try using <cfcookie>"

Something like
<cfcookie name = "CFID"
value = "Form.USER1"
expires = "period"
secure = "Yes" or "No"
path = "url"
domain = ".domain">

WOuld I put this at the top of the page which verisign is posting back to(my silent post return page)

And what is the difference between this and <cfset Cookie.CFID = Form.USER1>

BUt wouldn't I have to do this all in the application page, since it gets executed when a page is requested or am I wrong on this. Man this stuff makes me feel dumb. YOu are what you feel I guess. Thanks for all of the help again kiteless. BTW are u a NCSTATE fan?

Just something like this:

<cfcookie name = "cfid"
value = "#form.cfid#">
<cfcookie name = "cftoken"
value = "#form.cftoken#">

Yes put it at the very top of the action page that Verisign is calling. Like I said you can also try putting them in the URL scope. The cfcookie tag is usually more reliable than trying to set the cookie scope.

Not really an NC State fan. Don't care much for sports, more of a reading/paintball/techno music junkie.