http:// to https:// transition of data

Status
Not open for further replies.

deepatpaul

Programmer
Jul 7, 2004
57
US
For a shopping cart-enabled site, what is the best way to store and transfer a user's session data from non-secure to secure? The secure section will contain the form for them to enter their credit card information as well as submit to the 3rd party payment gateway and back again.

The secure folder will also be under the same domain as the non-secure. I'm using SQL Server database and CF5.0.
 
Without having the proper environment to test a solution in, I would think that session scope would work. If it doesn't, you could always use a database to store product selections and then purge the records after their session is ended.

Jalpino
 
It's not really a matter of "transferring" session variables from non-secure to secure. The only thing SSL does is encrypt data from the user's browser to your web server ap so that it cannot be read if it is intercepted en route.

I prefer to use a database to keep user data - mainly so that the data will be available to them when they visit the site 3 months later. This is the approach Amazon uses. It is convenient to the user but requires great care. The database has to be encrypted, you have to guard against SQL injection attacks, the ColdFusion administrator has to be properly configured, the server has to be hardened etc. etc.

A good initial approach might be to build the site using a database but purge really sensitive user data after the purchase, i.e. their credit card numbers and SSNs if you collect them. That way if you are hacked, the damage to the user is minimized.

 
So, you're saying that if I stay under the same domain, I can bounce between secure and non-secure folders w/o having to pass the data as if moving it to a new domain completely? It's been years since I have done this and am quite fuzzy on the logic.

So, a form-submitted page that goes from non-secure to secure can read the posted form variables all the same, yes?
 
The user (buyer) can send data to your ap server (ColdFusion) via an HTML (or Flash) form. For a shopping cart ap, those form fields can be used to create cookies which are placed back on the user's machine, or can be used to create session variables which can be tracked a few different ways, or the data can be placed in a database. This all takes place the same way regardless of whether or not SSL is used.

The only thing SSL does is scramble the data as it leaves the user's browser and unscramble it when it arrives at your web server (IIS, Apache).

Aside from sometimes having to hard code (absolute instead of relative) your paths, so that they show instead there won't be any difference in how you code the site.

I hope this answers your question, in a nutshell, - yes the variables can be read the same.

Cheers!
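
The behaviour discussed in the replies above, that the session follows the user between the http:// and https:// parts of the same host, as an added example (not code from any poster in this thread). It feeds constructed ColdFusion-style CFID/CFTOKEN cookies through the matching rules in Python's `http.cookiejar`, and goes one step past the thread by also showing the same cookies with the Secure attribute set. The host `shop.example`, the page paths and the cookie values are assumptions.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

HOST = "shop.example"  # hypothetical store host, same for http and https


def make_cookie(name, value, secure):
    """Build a host-only, path=/ session cookie (constructed sample values)."""
    return Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=HOST, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookies_sent(jar, url):
    """Return the Cookie header a client holding `jar` would send to `url`."""
    req = Request(url)
    jar.add_cookie_header(req)  # applies domain, path and Secure matching
    return req.get_header("Cookie", "")


def demo():
    urls = {
        "cart": f"http://{HOST}/cart/view.cfm",
        "checkout": f"https://{HOST}/secure/checkout.cfm",
    }
    # Case 1: session cookies as issued on the plain-HTTP cart pages.
    plain = CookieJar()
    plain.set_cookie(make_cookie("CFID", "1001", secure=False))
    plain.set_cookie(make_cookie("CFTOKEN", "55512345", secure=False))
    # Case 2: the same cookies issued with the Secure attribute.
    flagged = CookieJar()
    flagged.set_cookie(make_cookie("CFID", "1001", secure=True))
    flagged.set_cookie(make_cookie("CFTOKEN", "55512345", secure=True))
    return {
        (label, page): cookies_sent(jar, url)
        for label, jar in (("plain", plain), ("secure", flagged))
        for page, url in urls.items()
    }


if __name__ == "__main__":
    for key, header in demo().items():
        print(key, "->", header or "(no cookie sent)")
```

The plain cookies are sent to both URLs, which is why the session carries over, and also means the session identifier crosses the network unencrypted on every http:// page; the Secure-flagged cookies are sent only to the https:// URL.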

 