Hi Rick,
I did indeed come up against this issue once I solved the BASE HREF issue. I ended up inserting my own, as I had hoped to avoid, and after some futzing even figured out what that BASE HREF should be. Once I had that solved I looked in my browser's location bar and realized it was all on our site still and the implications sank in immediately. >From there I've been trying to figure out a way to get the browser's location bar to actually follow the POST to the egold site, what I'm trying to do it this: - user is on our site checkout page - we have our default payment method which links to our transaction processors external site. - then underneath I put an "alternate payment methods" module, where I want to be able to give the user the choices between paypal and egold, this is a form submit, but because of the choice it has to execute a script on our side (so we can decide whether to send the user to paypal, egold, or any other place) That's where my "gotcha" exists. I have all the form data, I just want to get the user to the sci_asp side without *another* intervening step (where basically all they would do is have to hit another "submit" button) I can get around all this if I restructure the way we have the alternate payment methods interface I guess. But I'm stubborn, I don't want to :) Oh well. -mark On Tue, 13 Aug 2002, Rick van Rein wrote: > Hello Mark Jeftovic, > > What you are trying to do has a bad smell -- although it may just be a > technical idea that seems so exciting that you are overlooking the security > issues involved. > <snip> -- mark jeftovic http://www.easydns.com http://mark.jeftovic.net --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Safe web surfing tip: Get in the habit of checking the SSL key/padlock icon in your browser and address/location bar *before* submitting sensitive information like your e-gold passphrase.