Android Subscription and unique receipt

Hi,
I got a problem with Subscription and renew (again). On our server, we store the transaction ID to prevent replay of already use iap. On previous version IAP was formatted like GPA-12345-67890-12345 and ..1 ..2 ..3 for renew. Now all the renew are the same format, the receipt is always the same. Is there a way to have a different receipt with each renew of a subscription? Or is there other way to check if a receipt subscription if valid server side?

 

how I understand subscription for Android:

When you buy a subscription, it gives you a receipt on the subscription product.
As long as you got a receipt on a product, that mean you are subscribed. With the receipt you have access to the SubscriptionManager.getSubscriptionInfo()
If I made a solo game, that's fine, I can handle this informations to disable advertisements or anything usefull.

On my case, I need to tell the server that I just bought a subscription, so I send it the receipt and the server validate the receipt for this period of time and save the transaction ID.
At the end of the period, server disable player bonuses for subscription and the player have to renew the sub.

Since the change of transaction ID, purchasetoken never change from one period of time to another (it used to change with old system and the order-id format with ..1 ..2 etc).
Does the test purchase change anything? (renew at 7 min and every 5 minutes later for 5 times)
Else if it's not a test purchase issue, what is the solution to validate server side my receipt to keep security and prevent hacker to replay previous transaction every month?

The funny thing is a receive email for each renew in test mode with the previous format of order id GPA.1234-5678-9012-34567..1 / ..2 etc...

What is wrong in my understanding of the process?

Thank you for all the good job on this forum

 

We are facing 2 issues if we just check this on the client:
- The game is a realtime MMO, so when I subscribe and cancel the sub, the player should not got the subscription bonuses. If I just check on the client, this is a possible hack.
- How can I track purchase if nothing change on the receip?

 

Thanks a lot. We found a solution with google API and the receipt from the client. Thanks a lot for your time

 

Ok, the issue was our application server need to know if the client is subscribed and when the subscription expire.

Here is the process:
- Player buy first subscription
- When the callback of the store (ProcessPurchase) occur, we send the receipt to our server and the order id
- Server Check if the receipt is valid with google api (https://developers.google.com/android-publisher/api-ref/rest/v3/purchases.subscriptions/get)
- With the answer of Google, server know when the subscription finish