What is the best practice when designing a mission critical signup form when it comes to using django-powered sessions?
We've used Django for this for almost 3 years and had zero problems. Of course you want to start with the form on an HTTPS page and not just submit to HTTPS -- it makes people feel safer.
Django doesn't play the "cookie in the URL" game like some PHP platforms, so if the user doesn't accept cookies it ain't gonna work.
Don't forget that once you have all of that sensitive data you have to handle it correctly. We only store the last 4 digits in the online database, and that's just for verification purposes. Everything else is managed through a back door connection to a separate company that handles subscription management for us.
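As an added illustration of the two points above (HTTPS-only Django sessions and keeping only the last four digits), here is example code that is not part of the answer: the setting names are real Django settings, the card number used in the docstring is a constructed test value, and `audit_session_settings`, `last_four` and `matches_on_file` are hypothetical helper names.

```python
import re

# Django settings that keep the session and CSRF cookies off plain HTTP and
# send any http:// request to https:// before the signup form is even shown.
SECURE_SETTINGS = {
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
    "CSRF_COOKIE_SECURE": True,
}


def audit_session_settings(settings):
    """Return the names of any settings that would let the session cookie travel
    over HTTP (missing or False); an empty list means the form is cookie-safe."""
    return [name for name, required in SECURE_SETTINGS.items()
            if settings.get(name) != required]


def last_four(card_number):
    """Reduce a card number to its last four digits, which is all that is kept
    in the online database; the full number never gets stored or logged.
    Constructed example: last_four("4111 1111 1111 1111") -> "1111"."""
    digits = re.sub(r"[\s-]", "", card_number)
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        raise ValueError("card number must be 13 to 19 digits")
    return digits[-4:]


def matches_on_file(stored_last_four, candidate):
    """Verify a customer-supplied number against the stored last four only."""
    return stored_last_four == last_four(candidate)
```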
Don't try and deal with credit cards in your own app. There are all sorts of security issues. Hand off to one of the firms that specialise in that area - I've used RBS Worldpay successfully, but there are plenty of others, and they all expose good APIs.