How, code wise do I retreive the session data from the session id. Also,
another response below said HTTP_REFERRER is not secure. So how do people
who use this type of payment gateway secure the script it redirects to. All
of the data it sends is form data, so once somebody new what script it
redirects to, and what form data it posts, it would be quite easy for them
to authorize their own charges in my opinion.

I think the more I think about this, the POST/REDIRECT type of gateway is
pretty hooky. I would like someones input who actually uses this type of
gateway and how it is secured and how they maintain their sessions that
correlate to that broswer.

I think I just need to find a company with more reasonable rates that allow
direct socket authorization. Any recommendations on that?

> -----Original Message-----
> From: Jason Wong [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 20, 2001 12:43 PM
> Subject: Re: [PHP-DB] E-Commerce - Integrating Sessions With Charging
> Processes That rePOST
> ----- Original Message -----
> From: Fotwun <[EMAIL PROTECTED]>
> Sent: Monday, August 20, 2001 1:40 PM
> Subject: [PHP-DB] E-Commerce - Integrating Sessions With Charging
> Processes
> That rePOST
> > Hi,
> >
> > I have basically seen and used two methods for integrating credit card
> > gateways into PHP code.
> >
> > The first method is one that opens a socket to the gateway server and
> sends
> > the data from within the code.
> >
> > The second is where FORM data is posted to a https URL with the URL is
> > should send the response back to, with the confirmation code, etc.
> [snip]
> > Because the clients order id that is generated will be stored as a
> session,
> > I need a way to reference the order ID and confirmation code that is
> > returned by the posted data from the gateway, against the
> session data to
> > start inserting the data into the DB if it was a successful charge.
> You can store the session-id in the return URL.
> regards
> --
> Jason Wong
> Gremlins Associates

PHP Database Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to