Adil Akram
I've developed a shopping cart app in ASP. To secure transactions by SSL, I've
put only the checkout page in SSL, but all other pages, i.e. product, cart
etc., remain on a non-SSL connection. How can I track the user session from non-SSL
to the SSL checkout page, as the SessionID changes when shifting to SSL (to
prevent session stealing/hijacking)? I'm tracking the user session by putting
the SessionID in the cart DB with products. Given below is a preview of the cart table.
Cart table
ID  SessionID  Product   Quantity
==================================
1   1234564    product1  5
2   1234564    item2     3
3   1234564    product3  1
4   4234564    product1  1
If I use any custom cookies or hidden form values (whether plain or encrypted),
they can be hacked by sniffing and changing the cookie or hidden value and mapping
it to any other ordering session etc.
Please explain in detail, with an example, what's the best way to implement SSL
in a shopping cart application.
regards,
Adil