#wellthen 🇪🇺

can i just forward the session ID here instead of requesting the session?

or would that not work

Hi, taking a look here.

Stripe Checkout redirect is deprecated, https://stripe.com/docs/js/deprecated/redirect_to_checkout so you should not de using that. Instead, you should use the session.url , (https://stripe.com/docs/api/checkout/sessions/object#checkout_session_object-url. Alternatively, if you are looking for a client side payment, you can use Stripe's Payment Link: https://stripe.com/docs/payments/link/accept-a-payment.

session.url is generated by the session object?

That is correct, it's the URL to the Checkout Session.

So I technically have to pass the session ID I have stored through the API?

each time an user visits the page

or should i store the url in my database instead?

that is, should I fetch the URL each time a user visits the payment page using Session::retrieve, or should I store it instead?

You should retrieve the Session

what are the chances of being rate limited by Stripe if a user sends thousands of requests?

should i rate limit or something?

Mm, let me confirm real quick.

We do have API rate limiting, https://stripe.com/docs/rate-limits and it's pretty generous but I do see your concern. I was thinking on a much smaller scale.

is the URL expected to change during the 24 hours whilst the session is available?

testing with the url from the session, I can see that it's not getting randomized each time I call the session

I was able to confirm here, as long as the Checkout expires_at has not reached, then you can reuse that Checkout Session Id so you can store it in your database. However, if the session is expired, then you'd need to create a new Checkout Session.

https://stripe.com/docs/api/checkout/sessions/object#checkout_session_object-expires_at

Yeah, I'm already storing the session ID, but I'm referring to the session.url here

Is it okay to store the session URL instead of retrieving it from the Stripe API each time?

Yes you should be able to, I re-clarified my answer.

Gotcha. Does expires_at return an unix timestamp?

Yes

and how long is the url expected to be?

i assume it's fine to leave it at 512 characters?

By default, it expired in 24 hours but with this parameter, you can set the expiry from 30 mins up to 24 hours: https://stripe.com/docs/api/checkout/sessions/create#create_checkout_session-expires_at

uh no i meant the length of the url

does it always return a 359 character string

I'm trying to understand the logic behind this question, are you able to add more context into this?

the session.url returns a url to do the checkout, is it always 359 characters?

I would need to test this, I'm trying to understand what you're trying to do by knowing if the url is always 359 characters.

store it in the database

The URL length will not always be that length, it will vary. I was able to able to confirm on the API rate limiting part. The recommendation is that you do not store the session.url in your database. Instead, you'd fetch the session id. I know you are worried about the API rate limiting and that as I've mentioned earlier we do have a generous limit. Sorry for the confusion.

is there any chance that something would go wrong if I do end up storing the session url?

What are you thinking would go wrong?

perhaps the url changes during the 24 hour session?

I see, that should not be the case.

thanks very much!