Xiao Xinqi - 1 year ago
jQuery Question

php + js checkout and thank you page

I am building a Stripe checkout for my ecommerce on my current project.

Everything is working well, but I have a few questions which confuse me.

  1. Is it a good idea to use AJAX for checkout?

I am using Stripe.js to check out. When the customer clicks the checkout button, it gets the token from Stripe, and then I use AJAX to submit the token to PHP; PHP will charge the customer and do the rest of the job. Is this safe? Do I have to use all PHP code on the page to check out?

I am also using localStorage to store the shopping cart information. Is localStorage safer than a cookie? If not, is a cookie enough for shopping cart information?

  2. About the thank you page.

I already created a thank you page, but every user can go to this page; even a customer who didn't buy anything can still go to it: www.example.com/checkout/thankyou.php

For a standard checkout thank you page, should I create something to prevent non-checkout users from viewing this page? Or should I just make the thank you page and checkout into one page? For example, when the customer clicks the checkout button, AJAX returns 1, then a modal pops up, shows the order number, and redirects to another page in 5 seconds.

Answer Source

Yes, this is safe, since Stripe's token is a reference to their system and cannot be used or read by anyone else but your PHP script, using the private API key.

This token is created to ensure no credit card info ends up on an unprotected server.

But as they say in their tutorial, you should enable HTTPS to protect the other transaction values of your customer.

They have really effective tech support that you can reach on https://webchat.freenode.net/ using the #stripe channel.

And about the thank you page... You could use a `$_SESSION` variable to prevent access by users who haven't successfully completed a charge.
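
The session check suggested in the answer above, as an added example that is not part of the original answer. The function names, the `paid_order` session key, the 15-minute lifetime and the `/checkout/` redirect target are assumptions made for illustration; the order number `ORD-1001` is constructed sample data.

```php
<?php
// Added example: every name below is hypothetical, not from the original post.
const PAID_ORDER_KEY = 'paid_order';
const PAID_ORDER_TTL = 900; // seconds the thank-you page stays reachable after a charge

// Call from the AJAX charge handler, only after the charge succeeded server-side.
function markOrderPaid(array &$session, string $orderNumber, int $now): void
{
    $session[PAID_ORDER_KEY] = ['order' => $orderNumber, 'at' => $now];
}

// Call at the top of thankyou.php. Returns the order number once, or null when
// this session has no recent successful charge.
function consumePaidOrder(array &$session, int $now): ?string
{
    $entry = $session[PAID_ORDER_KEY] ?? null;
    unset($session[PAID_ORDER_KEY]); // single use: a reload or a shared URL shows nothing

    if (!is_array($entry) || !isset($entry['order'], $entry['at'])) {
        return null; // flag missing or malformed
    }
    if ($now - (int) $entry['at'] > PAID_ORDER_TTL) {
        return null; // flag too old
    }
    return (string) $entry['order'];
}

if (PHP_SAPI !== 'cli') {
    // Web request: this is the body of thankyou.php.
    session_start();
    $order = consumePaidOrder($_SESSION, time());
    if ($order === null) {
        header('Location: /checkout/', true, 303); // assumed checkout URL
        exit;
    }
    echo 'Thank you! Your order number is '
        . htmlspecialchars($order, ENT_QUOTES, 'UTF-8');
} else {
    // Command-line demo using a constructed session array instead of $_SESSION.
    $session = [];
    var_dump(consumePaidOrder($session, 1000)); // visitor who never paid
    markOrderPaid($session, 'ORD-1001', 1000);  // charge handler records success
    var_dump(consumePaidOrder($session, 1010)); // first view after paying
    var_dump(consumePaidOrder($session, 1020)); // second view of the same order
}
```

The flag is written only by the server-side charge handler, so nothing the browser sends or keeps in localStorage can set it.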