External payment gateway not displaying <give receipt> shortcode properly after redirection

[umayrdotkhan]

I've followed your documentation. My off-site payment gateway is redirecting users back to the success/failure page correctly.

The URL now includes both, donation-id and donation_id.

However, the receipt does not show on the success/failure page when the user is not logged in.

Is there some setting that is causing this issue OR is there a bug in give-wp?

Because I am passing the donation-id and donation_id (with the same value) in the url parameters.

I was expecting that donors would easily be able to see their donation receipt after payment. So it's disappointing.

See the screen shots.

[jonwaldstein]

Hey @umayrdotkhan

When visiting the confirmation page in incognito, have you gone through the donation form or are you just navigating directly to that url?

The reason i'm asking is because our option-based forms use sessions in order to display this sensitive information. The session is created when filling out the form, so the receipt is viewable to only that donor during that session. In order to view that receipt again outside of the session, you can use the email access (there are additional settings in GiveWP for that). This way, for security reasons - you can not just guess the donation ID in the url and view someone else's receipt.

All that being said, our visual form builder works a bit different and uses a stateless approach with a unique identifier that is used to display the receipt without sessions. This unique ID is generated at a lower server-side level and is not guessable which makes it secure without the need for sessions.

Hope that helps,
Jon