Imagine the following scenario.
My website user wants to pay for a service, s/he clicks the pay link. I create a record in my database with relievant details about the payment before the details are sent off to paypal, i.e. invoice number, tracking number, user id etc.
When the user is on the paypal page, ready to make the payment, before he/she clicks the pay button, his/her computer crashes and has to restart the computer.
I now have a problem. I have a record in my database and paypal didn't get a request about the payment. It's a problem because the record will never get updated as paypal will never send an IPN message to me to tell me if the payment was completed, failed, cancelled etc as the users computer crashed before the paypal payment could be initiated on paypal's side.
This means that I will not get a pending, failed, declined message from paypal which I could use to delete or set the record as invalid in the database.
So my question is, how long should I wait for messages from paypal's ipn before I mark the record as useless? 1 minute? 1 hour? 1 day? 1 week? etc?
I want to know how long I should wait before giving the user a message via email to try again, and before the wait time is up, the user will get a message telling him/her that the payment is being processed.
My concern is that, if the above scenario doesn't happen, and the user does complete the payment successfully, but paypal takes its time to send me an ipn message for the original payment, i.e. 24 hours, and I have things setup to delete the record after 10 minutes so the user can try again after 10 minutes, the user will have paid, but it will not get recorded in my database. Or worse, the user might end up paying more than once if I give him/her a message saying the payment failed, try again. After which paypal completes the payment for the very first attempt and the user gets charged twice...
So basically, if the quesiton is not clear. I am not looking for opinions, I am looking for documentation from paypal which outlines a maximum time to wait before invalidating a payment. Has paypal outlines such a time scale? as I can't find it in the documentation.
Never.
Each row in the database should contain a column which indicates whether the transaction is completed or not.
You can list uncompleted transactions in a pending transaction box or something like that, which indicates that the user didn't finish the transaction and he should try again once he logs on.
Marking transaction as useless won't do much for you, you simply want to know if they're completed or not, then you want to display all pending transactions for the particular user which can then either choose to complete it or deny it, which should be an option.
For example, if we look at betting sites, there users can add bets into a bet-slip which are pending bets. The user can choose to actually place the bets or simply ignore them. In these cases the bets are marked as reverted once the session expires, you could do that (make them expire once the session expires after their first log-in after the failure) or you could make the pending transactions live forever, until the user cancels.