[ic] How I can retrieve info from secure server?

Lyn St George interchange-users@interchange.redhat.com
Wed Jan 16 16:58:01 2002 

On Wed, 16 Jan 2002 20:40:43 +0100, Joachim Leidinger wrote:
> >
>> >1. gather information about user (the 'session')
>> >2. prepare to initialize the secure transaction
>> >2b. Save the 'transaction' with some details
>> >       i.  owner of transaction, a user
>> >       ii. other stuff about the transaction you need to recover
>> >3. use a secure form (action="https://...") to post the details to the
>> >remote secure server
>> >4. have the secure server do whatever and submit the results back to you
>> >(aka, she user a secure form to post a transaction ID, some authentication
>> >you passed to her, and additional information such as state, return values,
>> >ect.)  The page she targets uses your 'transaction' database (created in 2b)
>> >to load the values and apply the results of her transaction confirmation.
>> >If the confirmation indicates failure, you then have the ability to deal
>> >with that failure and prepare for an additional step (retransmission.)

[snip]

>You have to transfer the session id to the other server and the other
>server has to transfer that session id back to your server and you have
>to get that session id from the other server and you have to use that
>session id to get the right session. That is what I do!

Hi Joachim

Well if you actually have it working then we'll put some work into it 
again. Digging through my memory I find this: everything, including 
the session id can be transferred through the other server and  made
available back on our server. Or rather, it would be available with 
the right session id, otherwise it could not be accessed. Where we 
got stumped was "using that original session id to get the right 
session", ie either replacing the new session with the old one or 
using [scratch ..] to pick up the old id and values. It is *not* possible 
to send that session id back via the callback URL (which would 
have helped greatly). The first page back on our server was next 
to useless for doing anything with IC ... hmm .. do you do an 
automagic http refresh to force the second page and use that 
to do things?

Maybe we just had a mental block against the obvious (it happens ... ) 
but we'll make time soon to work on it. 

>Joachim 
>
>-- 
>Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
>[Hans-Joachim.leidinger@bpanet.de]
>Black Point Arts Internet Solutions GmbH
>http://www.bpanet.de


Cheers
Lyn St George
+---------------------------------------------------------------------------------
+ http://www.zolotek.net .. eCommerce hosting, consulting
+ http://www.os2docs.org .. some 'How To' stuff ...
+----------------------------------------------------------------------------------