[ic] How I can retrieve info from secure server?

Joachim Leidinger interchange-users@interchange.redhat.com
Wed Jan 16 15:31:01 2002


Lyn St George wrote:
> >I would suggest that you look at the design of this process (this is just
> >how I would approach this) again and considering it not as a manner to
> >maintain a session after doing 'work' on a remote, secure server.  I would
> >think of it as a transaction and transaction confirmation between two secure
> >servers.
> >
> >From a 'bird's eye view' I would follow this logic:
> >
> >1. gather information about user (the 'session')
> >2. prepare to initialize the secure transaction
> >2b. Save the 'transaction' with some details
> >       i.  owner of transaction, a user
> >       ii. other stuff about the transaction you need to recover
> >3. use a secure form (action="https://...") to post the details to the
> >remote secure server
> >4. have the secure server do whatever and submit the results back to you
> >(aka, she uses a secure form to post a transaction ID, some authentication
> >you passed to her, and additional information such as state, return values,
> >etc.)  The page she targets uses your 'transaction' database (created in 2b)
> >to load the values and apply the results of her transaction confirmation.
> >If the confirmation indicates failure, you then have the ability to deal
> >with that failure and prepare for an additional step (retransmission.)
> >
> >Again, this obviously doesn't contain any code and isn't a real solution --
> >just an opinion about how to apply my favored model for this type of
> >activity.
> 
> >-- Cory Trese
> 
> This is the model we tried to follow some time ago, for the same
> scenario with WorldPay. As far as I remember it now, the problem
> we ran into, and couldn't find a *guaranteed* solution to, was that
> coming back to your own server initiated a new session in IC. Because
> of this, the first "entry" page of IC could do virtually nothing, as it is
> only the second page of a new session which can parse IC tags
> or perl properly.
> 
> Over the lifetime of Minivend / Interchange, numerous people have
> asked this same question and usually got responses like "yeah, well
> if they post a callback then you should be able to do it", BUT no-one
> has *ever* said "yes, we have done this, we have it working properly
> and this is how we did it". Hmmm ...  ISTR someone (possibly Mike H?)
> saying that he worked on the problem but found that it was taking up
> too much time and gave it up as not being worth the candle.
> 
> We do it by logging and emailing everything *before* leaving our
> own server, which is quite a different approach and obviously not
> the preferred one.

You have to transfer the session id to the other server and the other
server has to transfer that session id back to your server and you have
to get that session id from the other server and you have to use that
session id to get the right session. That is what I do!

Joachim 

-- 
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[Hans-Joachim.leidinger@bpanet.de]
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de
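
A sketch of the transaction and confirmation model from steps 2b to 4 quoted above, added here as an example (it is not code from this thread or from Interchange). The function names, the in-memory store, the 15-minute expiry and the "ok" status value are all assumptions; the callback carries an unguessable transaction ID plus an HMAC as the "authentication you passed", and the owning session is looked up on our side.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: key known only to our server
TTL_SECONDS = 900                 # assumption: confirmations expire after 15 min
_transactions = {}                # stands in for the 'transaction' database (step 2b)


def _auth_token(txn_id):
    """HMAC over the transaction ID; this is the 'authentication you passed'."""
    return hmac.new(SECRET, txn_id.encode(), hashlib.sha256).hexdigest()


def begin_transaction(session_id, details, now=None):
    """Step 2b: save owner and details, return the values to put in the form."""
    now = time.time() if now is None else now
    txn_id = secrets.token_urlsafe(16)  # unguessable, unrelated to the session id
    _transactions[txn_id] = {"session": session_id, "details": details,
                             "created": now, "state": "pending"}
    return txn_id, _auth_token(txn_id)


def confirm_transaction(txn_id, auth, status, now=None):
    """Step 4: handle the callback; return (owning session id, new state)."""
    now = time.time() if now is None else now
    # Constant-time comparison on bytes, so odd input cannot raise TypeError.
    if not hmac.compare_digest(_auth_token(txn_id).encode(), auth.encode()):
        raise PermissionError("authentication token does not match")
    txn = _transactions.get(txn_id)
    if txn is None:
        raise KeyError("unknown transaction")
    if txn["state"] != "pending":
        raise ValueError("transaction already confirmed (replay)")
    if now - txn["created"] > TTL_SECONDS:
        raise TimeoutError("confirmation arrived too late")
    # Assumption: the remote server reports success as the literal "ok".
    txn["state"] = "confirmed" if status == "ok" else "failed"
    return txn["session"], txn["state"]
```

A "failed" result still returns the owning session, so the page handling the callback can prepare the retransmission step described in the quoted text.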