I have been asked to look into a problem in an already configured ZenCart shop linked to the SecPay Payment Gateway.

The shop uses non SSL form based checkout (not the best idea I know), the shop connects to Secpay fine, the order is processed by Secpay and the customer receives an email OK.

However when Secpay calls back to the store the shopper gets a Session Expired message from the system.

I am new to ZenCart so I had a look around the internet and could only find this problem happening with a mix of SSL and non SSL domains.

I presume the session is getting lost somehow, I tried storing sessions in file (and saw them created ok) instead of the DB, I also tried setting Recreate Session to false.

Session Settings
-------------------
Session Directory /home/users/xxx/html/xxx.co.uk/store/cache
Cookie Domain True
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
IP to Host Conversion Status

Zencart: Version 1.3.5

Apologies if I am missing something obvious but its never great when someone else sets something up and then can't be contacted!

Any help anyone can give would be much appreciated!