Hello

Thanks to the help of the forum, I picked up a GeoTrust SSL certificate from EV1 servers to use on a shared domain between a few of my clients.

Now for the check out page, we are having our programmer set up to pass on my clients sites to our secured domain, example, to abc-secure.com/domain1 etc.

Well the programmer seems to be having problems doing this.
He says because all cart data is stored in cookies, and change domain for checkout, all cookies content is lost, even if the user logged in, and there is no way to see cart if we return to domain1.

We control our customers sites for them, and they are all in php.
It would seem to me it would be pretty straight forward, just coping the include folder, and setting up a check out page, on the secured/shared domain

Coming here to ask a few questions on this

How should this be done ?

And I am going to pass this on to the programmer.


And question on the programmer, shouldn't he know this ? I can understand if maybe he is having a problem because he didn't write the original code but this is basic stuff, no ?

Thanks in advance!

I would say get a wildcard cert so you can setup as many subdomains as you want and it might work a little better for you. I can't say that your programmer should have known how to do this. I know alot of great web designers and graphic artists who don't have a clue about alot of the aspects of intigration and scripting but they are still great at what they do.

Maybe do a search on google about shared ssl setup or something like that and see if you can come up with an answer and meanwhile someone on here might be able to help you more.

Or you can post over in the web design forum and see if someone can help you over their.

Good Luck!

Even if you get a widlcard - you would be using something like hisdomain.yourdomain.com - thus session cookies are tossed. To accomplish what you want, he needs his own SSL cert issued to www.hisdomain.com

You should probably setup a wildcard cert for shop1.yourdomain.com, shop2.youdomain.com, etc., though I suppose this could just as well be done with subdirectories and a regular cert. You need to start the session on the domain with the cert, otherwise, as your programmer has pointed out, the session data will be lost.

The only way you'll be able to pass data between someotherdomain.com and yourdomain.com is through a POST. That would be pretty cumbersome, but that is how PayPals cart upload works. My sugestion is: start the shopping cart on the secure domain, that would probably be the easiest solution.

Your programmer should have a clear understanding of how HTTP works if he's going to be developing web apps. It sounds like he does, that is, he was right to recognize that session data would not hold up between domains. He already knows a lot more than some programmers I worked with on major e-commerce sites.

Actually, the solution is very simple.

Store your sessions in a database, and pass the session id to the checkout link.

Heh, WebOnce is right, that makes most sense... Funny how the simplest solutions slip my mind some times :stickout:

I would suggest to submit the cookies data through a hidden form. When the user clicks "Check out" thre form would be posted. That's the way I overcome this problem

Depends on how you have your button. The advantage of the DB is you can modify the session storage to lock in the IP as well, so you don't have session jumping.