I have a problem that surely has been solved before. I have given a summary below, but glossed over much detail. If anyone is willing to help me on this I will be happy to supply all the missing pieces. Thank you in advance!
I have production code that uses a sendRedirect to provide shopping cart info to our payment vendor. The vendor, upon payment completion, does a sendRedirect back to my server where order fulfillment takes place.
This application was not designed by me, I just maintain it. I see how it works, but DO NOT know what the best technique dealing with the problems at hand.
The sendRedirect is required (I think) to fulfill the order (Without it the vendor sendRedirect would not reference the proper user session ID).
1. With several shopping cart items, the query string exceeds the max length in IE.
2. The parameters (billing info, items purchased info) are exposed in the query string.
3. The sendRedirect method will generate an HTTP GET method, I need to POST
4. I do not have an HTTP "form" at the point where the sendRedirect happens. I just build up the URL from database queries.
In order to do a POST I need a "form" - right?
1. Connect to original user session (for order fulfillment) when coming back from payment vendor.
2. Tuck all billing, purchase info into the request body when sending the request to our payment vendor.
Before you start making changes, have you confirmed with your payment vendor that they can accept a Post request. Note that if you implement the solution to which Abhay linked (which is really the way it should have been implemented in the first place), you will be asking your payment vendor to change their system to return a normal response to your Post request instead of redirecting back to a URL in your site. Have you confirmed that they can and will make that change to their system.