Hi Mark, basically what I am working on is integrating a step inbetween the checkout and the payment gateway processing. The cardholder information is checked for enrolment in the first step, if the cardholder is enrolled he will need to authenticate himself by password (this is where the 2nd page comes in) if the authentication is successfull he is forwarded to the 3rd page where the payment gateway processing takes place. It's like any other online payment integration i have done before but this time there is this extra step required due to Visa's and Mastercards new security feature. I didn't see an issue with passing this information along since it's already used in the verification of the cardholder which also requires the card number. I do require the payment info again on page 3 to pass it along to the payment gateway, but didn't want to store it on my end for that. What I gather from Richards answer earlier that the difference between $_POST, $_GET or $_COOKIE, $_SESSION is almost irrelevant, I might as well store the detail in a session to be able to use them on page 3 it seems. > Is this what happens: > > 1. User enters payment data > 2. XML check that payment data is OK > 3. redirection to a page (on another site?), where for some reason the > payment data is required again (why?). > > This sounds like a mixture of two ways of implementing online payments. > Forgive me if I'm telling you what you already know, but in general I > believe things work as follows: > > 1 The whole process from payment to verification takes place on the > payment > provider's server > or > 2. the whole thing takes place on your server, with some inline (XML in > this case) communication with your payment provider to verify the card > details. > > You seem to be doing a bit of both, or have I misunderstood? > Why do you need the payment details on the third page? If you don't > actually > need them, then the security problem goes away, and you can use the > session > object or whatever to persist the customer data. > Does this help? -- NEU: Telefon-Flatrate fürs dt. Festnetz! GMX Phone_Flat: 9,99 Euro/Mon.* Für DSL-Nutzer. Ohne Providerwechsel! http://www.gmx.net/de/go/telefonie -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php