> The information that comes in from the first page is a credit card form
> with the standard values (CC number, Expiry Date, Cardholder name etc).
>
> On page 2 an XML request is done with a verification gateway (in this case to
> check for enrolment in 3D-Secure), the result for that I get back on the
> same page and no redirection needs to be done.
>
> However AFTER the enrolment check with the gateway I need to send the user
> along to the 3rd page, which is a URL that is provided by the verification
> process.
> So to get there, as I need to pass a heap of data to that 3rd page I can
> either use GET or POST, but since the amount of data is fairly big the only
> real option for this part seems POST.
>
> So it's not really about keeping the data persistent, it's more about the
> fact on how to push the user along correctly.

Is this what happens:

1. User enters payment data
2. XML check that payment data is OK
3. Redirection to a page (on another site?), where for some reason the
   payment data is required again (why?).

This sounds like a mixture of two ways of implementing online payments.
Forgive me if I'm telling you what you already know, but in general I
believe things work as follows:

1. The whole process from payment to verification takes place on the
   payment provider's server

or

2. The whole thing takes place on your server, with some inline (XML in
   this case) communication with your payment provider to verify the card
   details.

You seem to be doing a bit of both, or have I misunderstood? Why do you need
the payment details on the third page? If you don't actually need them, then
the security problem goes away, and you can use the session object or
whatever to persist the customer data.

Does this help?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
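
One way to do the hand-off discussed in this thread, added here as an example and not code from either poster: page 2 keeps the customer data in the session and sends the browser on with an auto-submitting POST form that carries only the values the gateway returned. The function name, gateway URL, field names and values are constructed placeholders, not part of any real gateway's API.

```php
<?php
declare(strict_types=1);

/**
 * Build an auto-submitting POST form for the URL returned by the enrolment
 * check. Only the fields passed in are written to the page, so card details
 * never travel back through the customer's browser.
 */
function buildForwardForm(string $url, array $fields): string
{
    // The form is submitted by the browser, so insist on an https target.
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('Forward target must be https');
    }
    // Escape every name and value; the gateway reply is untrusted input here.
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $inputs = '';
    foreach ($fields as $name => $value) {
        $inputs .= sprintf(
            "  <input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            $esc((string) $name),
            $esc((string) $value)
        );
    }
    return "<form id=\"fwd\" method=\"post\" action=\"" . $esc($url) . "\">\n"
        . $inputs
        . "  <noscript><button type=\"submit\">Continue</button></noscript>\n"
        . "</form>\n"
        . "<script>document.getElementById('fwd').submit();</script>\n";
}

// Page 2, after the XML enrolment check has returned.
session_start();

// Customer data stays server-side; a random reference ties the return to it.
$ref = bin2hex(random_bytes(16));
$_SESSION['pending'][$ref] = ['order_id' => 'ORDER-0001']; // constructed value

// Constructed stand-in for the parsed gateway reply (hypothetical field names).
$gatewayReply = [
    'url'    => 'https://verification.example/continue',
    'fields' => ['request_blob' => 'constructed-opaque-value', 'ref' => $ref],
];

echo buildForwardForm($gatewayReply['url'], $gatewayReply['fields']);
```

When the browser comes back, the page that receives it looks up `$_SESSION['pending'][$ref]` and rejects any reference it did not issue.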