> I am facing a task to complete the checkout component of
> a little e-store. I want to ask you guys for some advice.
>
> The whole e-store application is ready now - shopping cart,
> products, coupons, etc. Now I need to add the checkout part,
> which includes credit card entering screen, final order
> confirmation and the actual processing (CFX_PAYMENTNET &
> Verisign). The problem we have is that our e-store resides
> on 1 server (www.server1.com), while we have another "secure"
> server that hosts SSL and the Verisign payment components
> (commerce.server1.com).
>
> I store all of the user information - shopping cart, user
> parameters, login information, etc. in session variables
> on www.server1.com. However, during checkout when I send
> the user to the other domain, commerce.server1.com, I will
> lose these session variables and all the shopping cart and
> login information for the user. Can any of you guys
> suggest a good solution to this problem?

Well, first of all, to be accurate, both www.server1.com and commerce.server1.com are within the same domain, so you're not really switching to another domain. I'm not trying to nitpick here, though - that's useful information, simply because, by default, cookies are domain-specific, so cookies set by www will be visible to commerce (the hosts within the server1.com domain).

Now, I'm not sure from reading the above whether the hosts are on the same physical computer, or on different computers. If they're on the same computer, the solution can be very simple. You can simply use the same application name attribute in your CFAPPLICATION tag, and ensure that you're setting the CFID and CFTOKEN cookies so that they're available to all hosts within the domain.

If the hosts are on different computers, however, things might be a little more complicated. You could use Client variables instead of Session variables, and simply ensure that both computers could access the same Client variable repository (a shared database), and that you're using the same pair of CFID and CFTOKEN cookies. Otherwise, you'll need to figure out some way to pass the data from one to the other, ideally on the server side by storing it in a database, then passing a token to do the lookup on the SSL server.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
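
Added example, not part of the original message and not ColdFusion code: a Python sketch of the last option in the reply, where the cart is stored server-side in a shared database and only a random, single-use, short-lived token is passed to the SSL host for the lookup. The table name, function names, the TTL value and the SQLite stand-in for the shared database are all assumptions made for illustration.

```python
import hashlib
import json
import secrets
import sqlite3
import time

TOKEN_TTL = 120  # seconds a handoff token stays valid (assumed value)

def open_store(path=":memory:"):
    """Stand-in for the database that both hosts can reach."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS handoff ("
               "token_hash TEXT PRIMARY KEY, payload TEXT NOT NULL, "
               "expires REAL NOT NULL)")
    return db

def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, cart, now=None):
    """www host: save the cart server-side and return a random one-time token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO handoff VALUES (?, ?, ?)",
               (_digest(token), json.dumps(cart), now + TOKEN_TTL))
    db.commit()
    return token

def redeem_token(db, token, now=None):
    """SSL host: return the cart once; None if unknown, already used or expired."""
    now = time.time() if now is None else now
    h = _digest(token)
    row = db.execute("SELECT payload, expires FROM handoff "
                     "WHERE token_hash = ?", (h,)).fetchone()
    if row is None:
        return None
    # Delete before use; rowcount 1 means this request consumed the token.
    cur = db.execute("DELETE FROM handoff WHERE token_hash = ?", (h,))
    db.commit()
    if cur.rowcount != 1 or row[1] < now:
        return None
    return json.loads(row[0])

if __name__ == "__main__":
    db = open_store()
    cart = {"user_id": 42, "items": [{"sku": "A-100", "qty": 2}]}  # constructed sample
    t = issue_token(db, cart)
    print(redeem_token(db, t))  # first lookup returns the cart
    print(redeem_token(db, t))  # second lookup with the same token is refused
```

The token carries no cart or login data itself, so the redirect URL to the SSL host exposes nothing beyond a value that stops working after its first use or after the TTL.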

