I have 2 web sites running on the same server. Web1 needs to transfer data to web2 (same web server, different webs), passing sensitive data from one to the next. The browser will be using https. Are cookies possible/advisable here? My initial thoughts where to encrypt the data and pass through the querystring, both sites using a shared key. Perhaps also pass an encrypted expiration date to prevent the url from being reused in history if it’s on a shared computer.
Figuring it’s https and encrypted, initially it sounds ok. However, my gut tells me its unsecure. Another option is a session server but that seems a bit overkill for what I’m after.
What is the best way to securely transfer a single piece of data from 1 site to the next on the same web and do it relatively simply?
You can just have one site do an http post to the other site server-side. This information would never go through the browser and wouldn’t even have to be encrypted (although that certainly wouldn’t hurt).
You could even write data to the database and then redirect the user to a page on the second site that would read it (if the two sites can both access the database).