I got a client whose website is under SSL only on the payment process. But he bought shared SSL, so the actual domain is different (although I think it's the same server).
So when a user is logged in at, for example, http://www.mydomain.com/login.php and tries to buy something, he is redirected to https://secure20.livessl.com/mydomaincom/payment.php
Now the $_SESSION vars are not set, so I can't use them for the payment form.
I don’t want to send these by GET METHOD or POST METHOD… Any ideas?
Do I have to tell the client to buy private SSL?
Thanks!
Preferably, they should get a certificate. They’re very affordable nowadays and it makes their business look infinitely more professional.
If they demand this 3rd party way, why don’t you want to send the data via POST method? It will be encrypted.
An alternative idea that comes to mind is to send a GET with a long identifier appended to the query string (don't use the session id) which the PHP script on the SSL server can then use to send a secure request (cURL) back to the originating server asking for the session vars. But this seems like overkill when a POST will do.
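
The identifier handoff described in the last reply, as an added example that is not part of the original thread: the originating site issues a random, short-lived, single-use token, and the endpoint that the payment script calls back redeems it. `HANDOFF_DIR`, `HANDOFF_TTL`, both function names, the `t` query parameter and the `user_id` session key are hypothetical; protecting the callback request itself is assumed and not shown.

```php
<?php
// Added example: one-time handoff token between two sites that do not share a session.
// All names below are hypothetical.
const HANDOFF_DIR = '/var/lib/handoff';   // assumed: outside the web root, mode 0700
const HANDOFF_TTL = 60;                   // seconds a token stays redeemable

// Called on the originating site just before redirecting to the payment page.
function issue_handoff_token(array $sessionVars): string
{
    $token  = bin2hex(random_bytes(32));  // unrelated to the session id
    $record = json_encode(['exp' => time() + HANDOFF_TTL, 'vars' => $sessionVars]);
    // Store under the token's hash so a leaked file name is not a usable token.
    $path = HANDOFF_DIR . '/' . hash('sha256', $token);
    if (file_put_contents($path, $record, LOCK_EX) === false) {
        throw new RuntimeException('cannot store handoff record');
    }
    return $token;
}

// Called by the endpoint that the payment script queries over the back channel.
function redeem_handoff_token(string $token): ?array
{
    // Strict format check: anything that is not a token we could have issued is rejected.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $path    = HANDOFF_DIR . '/' . hash('sha256', $token);
    $claimed = $path . '.' . bin2hex(random_bytes(8));
    // rename() is atomic: of two concurrent requests, only one can claim the record.
    if (!@rename($path, $claimed)) {
        return null;                      // unknown or already used
    }
    $record = json_decode((string) file_get_contents($claimed), true);
    unlink($claimed);
    if (!is_array($record) || ($record['exp'] ?? 0) < time()) {
        return null;                      // expired or corrupt
    }
    return $record['vars'];
}

// Usage on the originating site (pass only what the payment form needs):
// $token = issue_handoff_token(['user_id' => $_SESSION['user_id']]);
// header('Location: https://secure20.livessl.com/mydomaincom/payment.php?t=' . $token);
```

Because the token travels in a URL, it can end up in logs and Referer headers, which is why it expires quickly and is deleted on first use.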