First complete the returning page, just go to "Look and feel" section in 2checkout. If you already do that. You have the same problem that I have. I think it is because I had "Force Cookies" disabled, I found this in 2checkout site: 2checkout ( http://www.2checkout.com/community/?s=oscdox ): "There is a known issue that osCommerce has alerted us of. The osCommerce cart requires ‘Force Cookie Use’ set to ON. This means that web Sites using a shared-SSL cert will not work. Most problems with the osCommerce contribution are due to cookies not being set up properly and there unfortunately is not a work around for this." But when I activated that option in admin, then I have a new problem. I get an error message saying cookies aren't enabled in my browser, and they are enabled. I investigated and I found this: Oscommerce ( www.oscommerce.info/kb/osCommerce/Developers_Section/Implementations/4 ) : In that page says that "Force Cookie" does not works if you don't have your own ssl on your domain. "As the cookie is set on the top level domain of the web server, the secured https server must also exist on the same domain. For example, the force cookie usage implementation will work for the following servers: http://www.domain-one.com https://www.domain-one.com, or https://ssl.domain-one.com but not for the following servers: http://www.domain-one.com https://ssl.hosting_provider.com/domain-one/ The ssl.hosting_provider.com example is using a shared SSL certificate used for secure transactions. This can easily be fixed to work with the force cookie usage implementation by purchasing and installing a dedicated SSL certificate for the domain-one.com domain. A simple case of this implementation failing where different HTTP and HTTPS domains are used is when the client first visits the online store (cookie is set for HTTP domain) and clicks on the secure Login link (cookie is set for the HTTPS domain). As cookies cannot be read on the same request made when they are set for the first time, the Login page cannot access the HTTPS domain cookie as it has just been set, and it can also not read the HTTP domain cookie as it is another domain." Even if the clients browser has cookies enabled, the cookie cannot be read and the client will be directed to the friendly cookies-must-be-enabled page. " Conclusions: 1.-It is necessary activate "Force Cookies" to have the 2checkout payment module working correctly. 2.- "Force Cookies" only works if you buy your own ssl and install it on your domain. Please let me know if I am wrong.