Therefore a quick response page is provided immediately. When that page is generated, the approval status is not yet known.
To make things as convenient as possible, the web application provides a link which, when clicked, either takes the surfer to a "not yet" page, or to the actual approved/denied page.
The state of the surfer's transaction is maintained on the server. It is not sent over insecure lines or dependent on cookies. Instead a numbering technique is used to assign each surfer a unique Session ID, to which his or her data is associated. This Session ID is visible in the URL:
The components within the web application must restore state for surfer 392032 when he or she returns, and then respond accordingly.