I've been testing out the latest eCommerce code, and I noticed the following in my log:
18.104.22.168 - - [10/Sep/2010:11:24:33 +1200] "POST /paypal/complete HTTP/1.0" 302 -
22.214.171.124 - - [10/Sep/2010:11:24:36 +1200] "POST /account/order/6 HTTP/1.0" 302 -
126.96.36.199 - - [10/Sep/2010:11:24:39 +1200] "POST /Security/login?BackURL=%2Faccount%2Forder%2F6 HTTP/1.0" 200 6265
While this doesn't prevent the payment from being recognized, I don't think that the PayPal IPN service should be redirected to the order URL.
Looking at the complete() method, the last call is to $payment->redirectToOrder(), which on closer inspection is in the ECommercePayment class (which is a DataObjectDecorator).
I was about to post a bug report, when I noticed that all of the payment handler classes do this. Am I missing something here? Or is this a bug? Incidentally, this makes all of the Payment modules dependent on being used with ECommercePayment, or with a DataObjectDecorator with a redirectToOrder() method.