CheckSession

  • Method

    SlimCD.Sessions.CreateSession

    Purpose

    Loads data into SLIM CD and returns a session ID.

    Description

    CreateSession is used to create a SessionID. SessionID values are later used as part of a secure and tamper-resistant URL so that a browser-style application can be launched to accept cardholder information outside of the developer’s software. CreateSession can also be used to send initial customer data to SLIM CD so that payment pages are pre-populated for the clerk, providing ease of data entry.

    Business Rules

    CreateSession must be called before ShowSession can display a page.

    Argument List

    | Name | Required | Usage |
    |------|----------|-------|
    | CreateSessionRequest | Required | Object containing properties for the request |
    | timeout | Optional | Integer wait time, in seconds, before timeout response is generated |
    | callback* | Optional | Function to call upon completion of asynchronous request |

    *for JavaScript only

    Request Fields

    | FieldName | Type | Length | Required | Description |
    |-----------|------|--------|----------|-------------|
    | UserName | string | 20 | Required | Username or API Access Credential that accesses web service. |
    | Password | string | 20 | Required | Plaintext password for the client account. |
    | SessionID | string | 40 | Required | HEX string uniquely representing the session. |
    | Wait | int | 9 | Required | Time, in seconds, for CheckSession to wait while the session is being completed by the user. |
    | WaitForCompleted | string | 3 | Required | yes/no indicating that CheckSession should not return intermediate results, but only final results. |
    | UserField | string | depends | Not required | This is a USER-SUPPLIED field, can be named whatever the developer wants, and can be used to retrieve additional data with the form. In the case of the libraries, these field names are specified in a dictionary called “userfields”. In the case of the webservice/resource, these fields are simply included with other name/value pairs. CheckSession will return values from the form/session for any fields specified. |

    1. Passwords are required except when the username is set to an API Access Credential, in which case it should be passed in as an empty string.
    2. ClientID, SiteID, PriceID are required if not specified in the API Access Credential.
    3. Form name is highly recommended. FormID can also be specified, but it is unique and prevents the form from being used by more than one clientid. If no FormName is specified, the system will select a form, producing unexpected results.
    4. TransType is required, unless specified on the form as an editable field.
    5. Amount is required, unless specified on the form as an editable field.
    6. UserFields are any fields the developer wishes to send. For direct API calls, simply add the field to the name/value pairs. For libraries, add the fields to the “userfields” dictionary associated with the CreateSessionRequest object.

    Reply Fields

    | FieldName | Description |
    |-----------|-------------|
    | reply | Outer tag for the reply data block |
    | response | Success, FAIL, Error |
    | responsecode | 0, 1, 2 (respectively), matching the above |
    | description | If successful, this will contain the single word, OK. Otherwise it will contain a description of the failure or error which occurred |
    | responseurl | The Slimcd.com URL which was called for this operation |
    | datablock | The confirmation text returned from the server |

    Reply Hierarchy

    • reply
      • response
      • responsecode
      • description
      • responseurl
      • datablock
        • sessionid

    Remarks

    • Optional Fields fall into a few categories. These include Form Data, Customer Data, Payment Data, Clerk Identification Data, and Custom Developer Data.
    • Form Data allows the developer to identify the pre-configured display form to use. Form configurations are created on the SLIM CD website and referenced by name or numerical value. This identification is sent when the session is created so that the proper form configuration will be used when displaying the form data to the clerk or consumer. (Note that at this time, specifying a form is optional. The system will use the lowest FormID available for the merchant if none is specified. This approach is subject to change and SLIM CD recommends supplying form names when sessions are created to ensure the display functionality meets developer expectations.)
    • Customer Data can include any of the payment data supported by the SLIM CD gateway. This includes First Name, Last Name, Address, City, State, Zip, etc.
    • Payment Data includes other fields supported by SLIM CD, such as TransType and Amount. If the transaction type is not specified, it will default to SALE. Specialty fields can be provided, such as Hotel Checkin Date, etc. The “gateid” field can be provided to reference customer data from previous transactions without supplying that data or cardholder information.
    • Please note that CreateSession will not accept certain cardholder data information. This is to ensure that PA-DSS avoidance and PCI Scope Reduction are obtained by discouraging applications from storing or sending cardholder data. Previously processed cardholder data can be referenced using the SLIM CD “gateid” values from those previous transactions.
    • The following fields will not be accepted by the CreateSession function: Card Number, Track Data, CVV2, or PIN Block data fields. If the developer desires to provide this information to SLIM CD as part of a conversion that eliminates cardholder data storage, we recommend using the SLIM CD Developer’s Toolkit and performing the “LOAD” function.

    Examples

    Sample HTTP GET:

    Sample HTTP POST:

    URL: https://stats.slimcd.com/soft/checksession.asp
    POSTDATA: clientid=1032&password=289075&wait=60&sessionid=22ADCBF1F23F19D125DF76B00B6DC75B201CB6CF

    Sample HTML Form with POST:

  • URL

    Protocols

        • SOAP/XML
        • HTTP POST
        • HTTP GET

    Request

    Status Codes

    | Status Code | Status Description | Explanation |
    |-------------|--------------------|-------------|
    | 200 | 200 OK | Approved or declined attempts will return a response with an XML reply block |
    | 500 | 500 Internal Server Error | The response will not contain XML, as a server error has occurred. |

    Reply

    Output is in XML format if a status code of 200 is returned.

    If the reply block’s response tag does not indicate “Success”, the description tag will contain an error description which can be displayed to the end-user.

    Sample Code

    The sample above shows the use of an API Access Credential with a blank password, and specifies a long timeout for CloseBatch.

    The sample above shows the clientid, siteid and password. BatchNumber is always blank.

    Simple HTML form to show CreateSession

    Remarks

    • CheckSession has options that can:
      • Specify how long to wait on the SLIM CD servers for an answer.
      • Specify if intermediate results should be returned, or only the “final” completed result.
      • Identify any other session fields to return as part of the request, including form fields or fields passed to CreateSession.
  • URL

    Protocols

    • HTTP POST
    • HTTP GET

    This function accepts either name/value pairs or JSON.

    Request

    Reply

    Sample Code

    The sample above shows the use of an API Access Credential with a blank password, and specifies a long timeout for CloseBatch.

    The sample above shows the clientid, siteid and password. BatchNumber is always blank.

    The sample above shows the use of jQuery cross-domain POST with jsonp, sends an API Access Credential with a blank password, and specifies a long timeout for CloseBatch. Note that the service can be specified on the URL or inside the request object as another JSON data item.

    The sample above shows the use of jQuery cross-domain POST with name/value pairs, sends an API Access Credential with a blank password, and specifies a long timeout for CloseBatch. Note that the service can be specified on the URL or inside the request object as another name/value pair.

    Remarks

    1. None