Double Credit Card Charges for the same Sales Order using Authorize.net SIM

[stevewhelan]

There is a bug that allows double charging the same Sales Order when using Authorize.net SIM. The customer reports that they received a session timeout on ZenCart while on the Authorize.net payment page. They did not get routed to a payment confirmation webpage, however they were billed and received an authorize.net payment receipt. However this (first) authorization code was NOT captured by ZenCart status history. They went back to the cart and found it still populated and again attempted payment. This time ZenCart captured the payment and authorization code in order status history and a payment confirmation webpage was received by the customer. The time stamps between the two authorization codes/billings from authorize.net was just under 5 minutes. There was no alert of the double billing in ZenCart and we discovered it only when the customer contact us.

There are no modifications to the authorize.net scripts (ZenCart v 1.5.3).

[DrByte]

Seems the bug is in whatever caused your customer to encounter a "timeout" ... because that's why the order wasn't recorded in your store.

The order doesn't get saved to your database until the payment module completes the payment and returns back to your store.

To prevent that symptom from happening again, you'll want to isolate the cause of the timeout. You might find the system debug logs in the /logs/ folder useful for investigating the problems your site is having.