Well, seeing how I have at least TWO luggers interested in participating... I'll post a problem question I have that I HOPE either of you (or someone else) can suggest how to resolve? I'm currently working on a PHP app that deals with a lot of different functions (screens that is). Most of these functions are non-secured and work just fine. However, when the time comes to collect sensitive info such as credit card information it must be handled securely. On my servers I support named virtual hosts therefore only ONE of those virtual servers is SSL. So, when I am about to deliver one of these "secured" pages I code the SSL site on the action= tag on the form (i.e."https://$known-ssl-server-name/$PHP_SELF") which does get me there (sort of). Now, however, when I am done with the secured part and need to go back to the non-SSL server, I am yet to figure out a reliable way to accomplish this. Yes - I have come up with a few "off the wall" approaches of which none are really acceptable. So, I am calling on all of YOUR gray cells: How do YOU guys accomplish this same task? To help you think about it I'll provide some "needs": Non-secured server name: a.com SSL-secured server name: b.com PHP program namd: program.php The user would access the entry page with www.a.com and from there the index would ultimately deliver program.php which would interact with the user for any number of functions. Eventually we will need to capture some sensitive information that MUST be secured. It MUST be served on this particular server and therefore the SSL secured site is b.com. What technique would YOU use to transfer the user, along with his "session" to the b.com server to do its thing, and then get control back to the a.com server keeping the session intact? OK - brains away!!!! I am eagerly awaiting to see yours or any replies. Thanks, Bob
More information about the ECLUG mailing list