We are implementing the Moneris checkout and it looks like the back button doesn't revoke the ticket that we get from Preload request. We need this for security purpose, is there a way we can do that?
- It was working in Moneris Hosted Page (HPP). If you open two tabs with the moneris iframe url, if you cancel one and refresh the other, the transaction is unavailable.
It posts to https://esqa.moneris.com/HPPDP/hprequest.php with parameters "hpp_id", "hpp_ticket" and "doTransaction" set to "cancel_transaction".
- In the new moneris checkout, pressing back posts something similar to https://gatewayt.moneris.com/chkt/display/request.php, with parameters "ticket" and "action" set to "cancel_order". However, if you do the iframe url trick that I did previously, it doesn't revoke access to the ticket. You can still process the transaction.
I saw that https://developer.moneris.com/Documentation/NA/E-Commerce%20Solutions/MCO/Receipt%20Request looks similar, so I tried to change the action to "cancel_order", but all im getting is 200 with empty content.
Is this the expected behavior? Is there a way to trully cancel a transaction?