In our development project, we do not commit the order to our system until the user returns from Authorize.net; therefor, we want to make sure that the user's session in our system lives long enough to account for the maximum amount of time permitted between our prep page to Authorize.net's hosted payment form and back again. We are using Relay Response along with the hosted payment form. According to the docs:
"If the fingerprint is more than one hour old or more than 15 minutes into the future, it is rejected."
To accomodate this, we push the session timeout in our system forward to account for a user sitting on our "proceed to secure payment form" page for more than an hour.
We also want to account for any time they spend sitting on the hosted payment form - how long does a user have to submit the payment on the hosted payment form before it times out? In other words, if a user sits on the hosted payment form for 30 minutes and then enters their credit card information and submits the payment, will it accept it? Can they sit on the page for an hour before submitting the payment? Is there a time restriction?
Thanks a bunch for your help.
