I'm finalizing a new payment module for Banca Sella (Gestpay) and I will contribute it in the forum.
I'm facing a problem in a load balanced environment (two hosts w/ http load balancer).
The bank callback is done though the pubblic address on one of the two machines choosen in base of the load.
But as far as I can understand secret key is stored in memory so if user placed the order wile browsing on host 1 if the callback drops on host two the function call
kkAppEng.getEng().getOrderIdFromSecretKey(secretKey);
fails! :-(
If this is the case the callback will never succed if Tomcat is restarted in the meanwile.
What is the secretKey for?
In these cases you can pass the order id to the bank since it will be unique. The secret key is just a way of passing something to the bank that is returned to you asynchronously and used to match up your request with the bank's reply. If you are communicating via SSL it's safe to send the order id.
In this case what is going to happen to the secretKeyMap?
is it going to grow over time?
... what about memory usage?
You can still delete it.
Ok thnks I'll combine info.getSecretKey() + ":" + Integer.valueOf(order.getId) and in the callback I'll split it back in order to cleanup.
Maybe you can do it directly in the module ?