Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11

    non-SSL -> SSL page variable transfer? + your CF webhost?


    Hi guys,

    I'd like to use CF to make my own shopping cart - I thought about storing ordered product information in sessions (order page is regular, http page) but I'd like to know if that sessions will be readable on the SSL, checkout (https) page?

    Can you suggest me solution if all sessions are erased when entering SSL certificated page? I MUST have final, checkout page under https and I must find a way to transfer some variables on it.

    Thanks

    Also, I'd like to know where do you host your CF sites and for how much money - I don't want to post this question in hosting forum because I don't want to hear anything from service sellers - I want to hear user suggestion. Looking forward to hear your comments.

    Regards!
  2. #2
  3. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,263
    Rep Power
    968
    Sessions are independent of protocol. They work the same under http or https becuase the session identifier is a token that is stored in a cookie on the user's machine (or passed manually on each page request but a cookie is the default behavior). You'll have no problem reading the session data on an https page.
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    thanks kiteless I will try via sessions, can you please suggest me some stable but cheap CF webhosts?
  6. #4
  7. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,263
    Rep Power
    968
    I use Crystaltech, which runs about $16 a month for CFMX 6.1 shared hosting I belive.
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    are they stable webhost?

    does anyone know some, a bit cheaper webhost to suggest? (of course CF support is a must)
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    13
    Rep Power
    0
    We offer CFMX 6.1 hosting from $6.99/month. That comes with MS SQL 2000
  12. #7
  13. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    Jodo: what about Access db support? I sent email to your support/sales team yesterday and never recieved any reply
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    13
    Rep Power
    0
    I'm not sure we got your email. We answer most sales emails within a few hours. What's your ticket ID?

    Yes, of course we support MS Access.
  16. #9
  17. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    @kiteless: I heard that sessions are blanked when you try to transfer it to the SHARED https page because of domain changing when accessing shared SSL - is that true? I must have my own certificate in order to use sessions? If so, is there any cheaper solution than InstantSSL.com you can suggest?

    Also, I need to crypt credit card # because i MUST have it emailed - how perfect is this:

    <cfset variable = "#form.cc#">
    <cfset encrypted = "#encrypt(variable, "aljksflkajsfgnasoughuhsaiotu9382y5y1935y91y395y812395ryh9hasrhusjklbfkalf23g29523rgfalsjbfjasbf973g rfasb")#">
    <cfoutput>
    <p>Encrypted: #encrypted#<br>
    Decypted: #decrypt(encrypted, "aljksflkajsfgnasoughuhsaiotu9382y5y1935y91y395y812395ryh9hasrhusjklbfkalf23g29523rgfalsjbfjasbf973g rfasb")# </p>
    </cfoutput>

    Can you suggest me something better in order to save CC# from email spiders or you think this one should be enough?

    Thanks!
  18. #10
  19. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    Originally posted by JodoHost
    I'm not sure we got your email. We answer most sales emails within a few hours. What's your ticket ID?

    Yes, of course we support MS Access.
    I didn't recieve any id. I sent email

    To: <sales@jodohost.com>
    Cc: <support@jodohost.com>

    and that's it - nobody answered

    Can you also answer to my question in regards to shared/non-shared SSL certificates, please? You offer shared one, right?
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    13
    Rep Power
    0
    Hi

    Ok, I pulled this ticket up from the answered section. It appears the system couldn't get the response through to you. That's why you probably didn't receive a confirmation email with your ticket id.

    We offer shared SSL for free. You need a dedicated IP for each domain you want shared SSL enabled on. One dedicated IP is included for free
  22. #12
  23. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    Originally posted by JodoHost
    Hi

    Ok, I pulled this ticket up from the answered section. It appears the system couldn't get the response through to you. That's why you probably didn't receive a confirmation email with your ticket id.

    We offer shared SSL for free. You need a dedicated IP for each domain you want shared SSL enabled on. One dedicated IP is included for free
    Can you answer to all question I sent you in email? If needed, I will resend it, just give me some address where you will be able to recieve/reply to it.
  24. #13
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    13
    Rep Power
    0
    Hi

    Just resend the email from a different email address
  26. #14
  27. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Posts
    236
    Rep Power
    11
    Done.
  28. #15
  29. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,263
    Rep Power
    968
    Originally posted by vinyl
    @kiteless: I heard that sessions are blanked when you try to transfer it to the SHARED https page because of domain changing when accessing shared SSL - is that true? I must have my own certificate in order to use sessions? If so, is there any cheaper solution than InstantSSL.com you can suggest?

    Also, I need to crypt credit card # because i MUST have it emailed - how perfect is this:

    <cfset variable = "#form.cc#">
    <cfset encrypted = "#encrypt(variable, "aljksflkajsfgnasoughuhsaiotu9382y5y1935y91y395y812395ryh9hasrhusjklbfkalf23g29523rgfalsjbfjasbf973g rfasb")#">
    <cfoutput>
    <p>Encrypted: #encrypted#<br>
    Decypted: #decrypt(encrypted, "aljksflkajsfgnasoughuhsaiotu9382y5y1935y91y395y812395ryh9hasrhusjklbfkalf23g29523rgfalsjbfjasbf973g rfasb")# </p>
    </cfoutput>

    Can you suggest me something better in order to save CC# from email spiders or you think this one should be enough?

    Thanks!
    The session may be blanked if you rely on cookies to keep track of the cfid and cftoken/jsessionid. This is because cookies are domain specific. However if you pass the identifiers in the URL or form when you switch to SSL it should keep your session. I haven't used SSL in shared environments so this is all a guess but I see no reason why it wouldn't work.

    Regarding sending a credit card number in an email, I would strongly recommend against it. If you can decrypt the card number, then someone else can to. Keep in mind that you could probably be sued if a card number was compromised in this fashion. I can't think of any reason why you would need to keep the number...you use it during the transaction, store the resulting status codes from the processor, and that's it. There's no reason I've found to justify storing the card number. Places like Amazon.com are unique in that they have entire departments that do *nothing* but ensure the security of their networks and databases. If you can't provide similar expertise, then don't store that card number in a database, email or anywhere else.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo