----------------------------------------------------
Please read the FAQ at <http://java.apache.org/faq/>
It does have a search feature!
We cannot guess what you are trying to do:
#1. Include version numbers for all software.
#2. Include relevant configuration settings.
#3. Include full descriptions of the problem.
Got Linux? Seeing lots of java processes?
<http://java.apache.org/faq/?file=274>
----------------------------------------------------
Yah.
consider this:
User finishes shopping and clicks "Pay Me" button on form A .
form A posts transaction information (amount and some reference information) to Host B
Host B obtains credit card and shipping information and validates sale
Servlet/CGI/whatever B posts result + original reference information to Host A
Servlet/CGI/whatever running on host A sends a request to host B asking did you really
validate this transaction?
This protocol is how a number of web payment sites operate.
An enhancement to this was discussed by Lincoln Stein in the August 1998
WebTechniques. You mark your original post with a
transaction reference that is non-repeating and is of a sequence not easily guessed.
His notion was to make an MD5 hash from the User's IP address, a datetime stamp, the
sequential transaction reference, and a secret
value.
When the reference values are returned the public values are re-hashed with the secret
key and checked against encrypted reference
value.
Unfortunately the article is not on the web techniques web site.
If this made enough sense that you just go a-ha! and start coding you don't need the
article. Otherwise if this sounds intriguing
finding that article would be worthwhile.
hth
***********************************************************
Brett Knights 626-432-5767 work
[EMAIL PROTECTED] 626-355-1017 home
***********************************************************
>
> The problem with this is that it gives the end users more
> leverage for forging transactions.
> Site A creates the transaction, sends it to site B which uses
> req.getParameter() to get all the values (including the
> price). Maybe we
> could encrypt everything and put some sort of hash signature
> on all the parameters or something?.
>
> Once the credit card payment is processed, I would have
> thought a response.sendRedirect() was the best way to get
> back to site A. How
> can we send the transaction result back this way ?
>
> Would you use a different mechanism to get back to site A ?
> (of course site A will need to update it's accounting records
> to reflect
> the payment).
>
> ..Chris.
>
> Brett Knights wrote:
>
> > -----------------------------
> > Please read the FAQ!
> > <http://java.apache.org/faq/>
> > -----------------------------
> >
> > Why not just build the necessary information into a form
> and do a post request to the payment server? And do the same
> coming back.
> >
> > ***********************************************************
> > Brett Knights 626-432-5767 work
> > [EMAIL PROTECTED] 626-355-1017 home
> > ***********************************************************
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf
> Of Khoivu
> > > Nguyen
> > > Sent: Monday, October 04, 1999 6:25 PM
> > > To: Java Apache Users
> > > Subject: Re: Sharing session between VirtualHosts
> > >
> > >
> > > -----------------------------
> > > Please read the FAQ!
> > > <http://java.apache.org/faq/>
> > > -----------------------------
> > >
> > > Yes, I know. Do you have any other recommendation to share?
> > >
> > > "Kevin A. Burton" wrote:
> > >
> > > > -----------------------------
> > > > Please read the FAQ!
> > > > <http://java.apache.org/faq/>
> > > > -----------------------------
> > > >
> > > > This is probably technically possible... but don't expect your
> > > > performance to be that great.
> > > >
> > > > Khoivu Nguyen wrote:
> > > > >
> > > > > -----------------------------
> > > > > Please read the FAQ!
> > > > > <http://java.apache.org/faq/>
> > > > > -----------------------------
> > > > >
> > > > > I am very interested in this problem's solution since I
> > > have a business need
> > > > > to share the HTTPSession between 2 virtual hosts or two
> > > servlet zones. I
> > > > > believe the second problem may not be feasible by Apache
> > > JServe design.
> > > > >
> > > > > One solution is before you invoke response.sendRedirect()
> > > method, you save
> > > > > the HTTPSession to database or file. If HTTPSession is
> > > serializable, which I
> > > > > think it is, we can serialize HTTPSession and save it as
> > > a blob in database.
> > > > >
> > > > > Chris McCarthy wrote:
> > > > >
> > > > > > -----------------------------
> > > > > > Please read the FAQ!
> > > > > > <http://java.apache.org/faq/>
> > > > > > -----------------------------
> > > > > >
> > > > > > I want to share HttpSession information between 2
> > > Virtual Hosts. Can
> > > > > > this be done, or do I have to use an alternative method
> > > of communication
> > > > > > ?. I tried it, with a servlet on both virtual hosts but
> > > the session was
> > > > > > not shared.
> > > > > >
> > > > > > It is for online payment, I want to do a
> > > response.sendRedirect() to my
> > > > > > secure (Virtual) server for online payment, so two way
> > > comminication is
> > > > > > required. I know it would be easier to run the secure
> > > server on the same
> > > > > > host as my servlets, but this is done for business reasons.
> > > > > >
> > > > > > Any help appreciated,
> > > > > > ..Chris.
> > > > > >
> > > > > > --
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
