> basically what I am working on is integrating a step inbetween the checkout > and the payment gateway processing. > > The cardholder information is checked for enrolment in the first step, if > the cardholder is enrolled he will need to authenticate himself by password > (this is where the 2nd page comes in) if the authentication is successfull > he is forwarded to the 3rd page where the payment gateway processing takes > place. > > It's like any other online payment integration i have done before but this > time there is this extra step required due to Visa's and Mastercards new > security feature. > > I didn't see an issue with passing this information along since it's already > used in the verification of the cardholder which also requires > the card number. > > I do require the payment info again on page 3 to pass it along to the > payment gateway, but didn't want to store it on my end for that. > > What I gather from Richards answer earlier that the difference between > $_POST, $_GET or $_COOKIE, $_SESSION is almost irrelevant, I might > as well store the detail in a session to be able to use them on page > 3 it seems. Are you storing people's credit card numbers locally - if so, why? It seems like you are using them to identify users? (if that's what I am to infer from " I didn't see an issue with passing this information along since it's already used in the verification of the cardholder which also requires the card number." If you are, consider using email addresses instead. If you need to check whether someone already has an account with you or whatever, do it before you take their payment details and save yourself this bother. Or are you using 3d secure or similar, when the user has to enter their password/security code on the payment provider's website? That means you have to make 2 requests with the payment data, to different websites, is that right? One way around this might be to ask for the security code anyway at the first step, otherwise you are stuck with persisting the information locally. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
