How can I transfer Session info to a different domain on same server?

[Bishop]

Here is my situation. I'm building a web based store that will use the same
code base for every store using host headers to determine which data to
display. To prevent purchasing a SSL Cert for each domain I want to
redirect the checkout process to a different domain. I have two or three
session variables that contain sensitive data that I don't want to pass
across the address line or session cookie. Any thoughts on how I can pass
the contents of the session variable? I'm not completly opposed to a hidden
field but I haven't looked into it and wanted to find out if there is an
easy way to allow the user to go back and forth between the secure checkout
and the rest of the store while maintaining the session variables.

 

[Richard K Bethell]

- Create a unique identity value for your user - serialize yourself a GUID
or somesuch thing.
- Using a SQL Server, store your to-be-preserved values to a record in a
meta table you create for state maintenance. I.e. a table with columns "key"
and "value" in it, along with the guid, where you can use the SQL table as a
glorified hashtable.
- parameterize the URL or redirect over to the other server.
- On the other server, use the passed parameter, and look up the record in
your SQL hashtable-like database.

R.

 

[Guest]

A hiddenfields would be the least secure method possible. Simply save the
info to a database and then call it up on the checkout section by passing a
key field using Post or Get. Cookies don't work accross domains either,
imagine if Amazon could read your Barnes and Noble cookies.