Reply
Highlighted
Member
Posts: 6
Registered: ‎03-20-2017

Accept Hosted iFrame / Expired Token

Can you please suggest best practices for handling an expired token in an iFrame?  According to the docs, the token expires after 15 minutes.  When the user submits the payment form in the iFrame and the token is expired, they get an error message along the lines of "Finger print invalid", and they cannot continue unless they press cancel.  

 

Users are then left at a dead end unless they know to refresh the page (which users won't know to do).  There is no notification communicated to the iFrame communicator on expired token, so we are left with stranded users.

 

I understand the need for expired tokens, but there is no way to refresh the token without an explicit and undefined action from the end-user.

 

 

Highlighted
All Star
Posts: 699
Registered: ‎11-03-2016

Re: Accept Hosted iFrame / Expired Token

Hi @mikeyudin,

 

There's not any specific help I can give right now. I'd love it if anyone else would chime in with anything they might have tried.

 

I'm sure there are a few things we could do better with this in the future, though. For example, the idea of communicating that message to the iframecommunicator could be something that works well. Or, the "expired token" message could give more specific instructions to the customer to return to the merchant's site. If you have any specific suggestions you'd like to see, please add them to our Ideas Forum where others can take a look, contribute feedback, and vote for new features.

Highlighted
Posts: 427
Topics: 0
Kudos: 88
Blog Posts: 0
Ideas: 0
Solutions: 34
Registered: ‎04-28-2017

Re: Accept Hosted iFrame / Expired Token

There are many ways to inform the customer about a pending token expiration, one simple way using only Javascript is below:

<html>

<head>
<script type="text/javascript">
var timeleft=15;
var interval;
interval = setInterval('change()',60000);
function change()
{
 timeleft--;
 if(timeleft<=0){
alert("Your session has ended.")
document.getElementById("sessionTime").innerHTML = "Your session has expired.  <button onclick=\"reloadFunction()\">Reload page</button>";
}
else if(timeleft<=2){
 alert("Your session is about to end, time left is "+timeleft+" minutes.")
document.getElementById("sessionTime").innerHTML = "Your session is about to expire " + timeleft + " minutes left. <button onclick=\"reloadFunction()\">Reload page</button>";
}

}
</script>


<script>
function reloadFunction() {
 location.reload();
}
</script>

</head>

<body>
<div id="sessionTime"></div>
</body></html>
Powered by NexWebSites.com -
Certified Authorize.net developers
Highlighted
Member
Posts: 6
Registered: ‎03-20-2017

Re: Accept Hosted iFrame / Expired Token

Thank you for this example.  Seems like a good way to handle the token expiration.  We will modify this solution for our needs.

 

I'd suggest something like this for the documentation, as others will probably run into this issue.

Highlighted
Posts: 427
Topics: 0
Kudos: 88
Blog Posts: 0
Ideas: 0
Solutions: 34
Registered: ‎04-28-2017

Re: Accept Hosted iFrame / Expired Token

Your are welcome.

Powered by NexWebSites.com -
Certified Authorize.net developers