3.1.7. Session-Bound Payments
Sometimes checking whether an order has been paid for is not enough. For example, when selling access to online media, the publisher may want to be paid separately for the same product by each customer. Taler supports this model by letting the merchant check whether the "payment receipt" for the order is present in the wallet on the user's current device. This prevents users from easily sharing media access by passing around a link to the fulfillment page. Sophisticated users could share payment receipts as well, but that is not as easy as sharing a link, and at that point they are more likely to simply share the media itself.
To use this feature, the merchant must first assign the user's current browser an ephemeral session_id, usually via a session cookie. When executing or re-playing a payment, the wallet will receive an additional signature (session_sig). This signature certifies that the wallet showed a payment receipt for the respective order in the current session.
Session-bound payments are triggered by passing the session_id parameter to the /check-payment endpoint. The wallet, when it executes or re-plays the payment, then redirects to the fulfillment page but includes an additional session_sig parameter. The frontend can query /check-payment with both the session_id and the session_sig to verify that the signature is correct for that session.
The last session ID that was successfully used to prove that the payment receipt is in the user's wallet is also available as last_session_id in the response to /check-payment. The frontend should compare it against the session_id it assigned to the current browser rather than serving the content as soon as the order is reported as paid.
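The following is an added example of the frontend-side logic this section describes; it is not code from the Taler project. The merchant backend and the wallet are constructed stand-ins: the real session_sig is a signature the wallet obtains when it executes or re-plays a payment, whereas the mock backend issues an HMAC under a key only it holds so that the example runs offline. The response fields paid and payment_redirect_url, the /pay URL, the order IDs and the "Alice"/"Bob" scenario are assumptions made for this example; last_session_id is the field named in the text.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set


class FakeBackend:
    """Stand-in for the merchant backend's /check-payment (constructed here).

    In Taler the session_sig is a signature the wallet obtains when it
    executes or re-plays a payment; this mock issues an HMAC under a
    backend-held key instead so the example runs offline. The response
    shape (paid, last_session_id, payment_redirect_url) is an assumption
    made for this example, not a transcript of the real API.
    """

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._paid: Set[str] = set()
        self._last_session: Dict[str, str] = {}

    def record_payment(self, order_id: str) -> None:
        """The order was paid (by whichever wallet executed the payment)."""
        self._paid.add(order_id)

    def session_sig(self, order_id: str, session_id: str) -> str:
        """Proof that a receipt for order_id was shown in session_id."""
        msg = f"{order_id}\x00{session_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def check_payment(self, order_id: str, session_id: Optional[str] = None,
                      session_sig: Optional[str] = None) -> dict:
        paid = order_id in self._paid
        if paid and session_id is not None and session_sig is not None:
            expected = self.session_sig(order_id, session_id)
            if hmac.compare_digest(expected, session_sig):
                self._last_session[order_id] = session_id
        last = self._last_session.get(order_id)
        resp: dict = {"paid": paid, "last_session_id": last}
        proven_here = paid and session_id is not None and last == session_id
        if not proven_here:
            # Unpaid, or paid but the receipt has not been shown in *this*
            # session: the browser has to go through the wallet, which will
            # (re-)play the payment and return with a session_sig.
            resp["payment_redirect_url"] = f"/pay?order_id={order_id}"
        return resp


class FakeWallet:
    """A browser's wallet; it can produce session_sig only for orders whose
    payment receipt it actually holds."""

    def __init__(self, receipts: Set[str]) -> None:
        self.receipts = set(receipts)

    def replay(self, backend: FakeBackend, order_id: str,
               session_id: str) -> Optional[str]:
        if order_id not in self.receipts:
            return None
        return backend.session_sig(order_id, session_id)


def new_session_id() -> str:
    """Ephemeral, unguessable session ID for the browser's session cookie.
    (Set it with Secure, HttpOnly and SameSite attributes in a real frontend.)"""
    return secrets.token_urlsafe(32)


def fulfillment(backend: FakeBackend, order_id: str, session_id: str,
                session_sig: Optional[str] = None) -> str:
    """Fulfillment-page handler. Returns "serve" only when the backend says the
    order is paid AND last_session_id equals the session this browser was
    assigned; otherwise returns the URL to redirect the browser to."""
    resp = backend.check_payment(order_id, session_id, session_sig)
    if resp["paid"] and resp["last_session_id"] == session_id:
        return "serve"
    return resp["payment_redirect_url"]


def scenario() -> Dict[str, str]:
    """Alice paid; Bob only received the fulfillment link. Constructed inputs."""
    backend = FakeBackend()
    order = "order-42"
    backend.record_payment(order)
    alice = FakeWallet({order})
    bob = FakeWallet(set())
    s_alice, s_bob = new_session_id(), new_session_id()
    out: Dict[str, str] = {}
    # Alice's first visit: paid, but no proof for this session yet
    out["alice_first"] = fulfillment(backend, order, s_alice)
    # her wallet re-plays the payment and comes back with session_sig
    sig = alice.replay(backend, order, s_alice) or ""
    out["alice_with_sig"] = fulfillment(backend, order, s_alice, sig)
    # later visits in the same session need no signature
    out["alice_again"] = fulfillment(backend, order, s_alice)
    # Bob follows the shared link: the order is paid, but not in his session
    out["bob_link"] = fulfillment(backend, order, s_bob)
    # and his wallet holds no receipt, so it cannot produce a session_sig
    out["bob_replay"] = "none" if bob.replay(backend, order, s_bob) is None else "sig"
    # even Alice's session_sig does not help him: it is bound to her session
    out["bob_forged"] = fulfillment(backend, order, s_bob, sig)
    # an order nobody paid for
    out["unpaid"] = fulfillment(backend, "order-7", s_bob)
    return out
```

Two points carry over to a real deployment: the session_id is the only thing tying the proof to a device, so it must be unguessable and delivered in a cookie the browser will not leak to other origins; and the serve decision compares last_session_id with the caller's own session_id, because a shared link reaches a backend that still reports the order as paid.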