Are Django sessions safe to use for mission critical signup forms?

What is the best practice when designing a mission critical signup form when it comes to using django-powered sessions?

  1. Is it generally considered ok to require the user to accept the session cookie?
  2. Are there any tips to maximize the percent of users who can accept the session cookie?
Gattster asked Dec 18 '22 02:12


2 Answers

We've used Django for this for almost 3 years and had zero problems. Of course you want to start with the form on an HTTPS page and not just submit to HTTPS -- it makes people feel safer.

Django doesn't play the "cookie in the URL" game like some PHP platforms, so if the user doesn't accept cookies it ain't gonna work.

Don't forget that once you have all of that sensitive data you have to handle it correctly. We only store the last 4 digits in the online database, and that's just for verification purposes. Everything else is managed through a back door connection to a separate company that handles subscription management for us.

Peter Rowell answered Dec 19 '22 14:12
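The two points in the answer above, that the form must be served over HTTPS and that a user who rejects the session cookie simply cannot proceed, are worth seeing in code. The following is an added example, not part of the original answers and not Django's own code: it uses only the standard library so it runs without Django installed. The setting names (`SESSION_COOKIE_SECURE`, `SESSION_COOKIE_HTTPONLY`, `SESSION_COOKIE_SAMESITE`, `SESSION_COOKIE_NAME`) are the real Django ones; the two settings dicts, the `SessionStore` stand-in and the `session_cookie_header` helper are constructed here to show what those settings produce on the wire and how Django's test-cookie round trip (`request.session.set_test_cookie()` / `test_cookie_worked()` / `delete_test_cookie()`) lets the signup view detect a rejected cookie and tell the user, instead of failing silently at submit time.

```python
import secrets
from http.cookies import SimpleCookie

# Keys Django stores inside the session data for its test-cookie check.
TEST_COOKIE_NAME = "testcookie"
TEST_COOKIE_VALUE = "worked"

# Constructed settings dicts using the real Django setting names.
# WEAK: what you get when the site is served over plain HTTP.
WEAK_SETTINGS = {
    "SESSION_COOKIE_NAME": "sessionid",
    "SESSION_COOKIE_SECURE": False,    # cookie also sent over plain HTTP
    "SESSION_COOKIE_HTTPONLY": False,  # readable from page scripts
    "SESSION_COOKIE_SAMESITE": None,   # attached to cross-site requests
}
# HARDENED: the signup form and every later page must be on HTTPS,
# otherwise a Secure cookie is never sent back and the session breaks.
HARDENED_SETTINGS = {
    "SESSION_COOKIE_NAME": "sessionid",
    "SESSION_COOKIE_SECURE": True,     # only sent over HTTPS
    "SESSION_COOKIE_HTTPONLY": True,   # not exposed to JavaScript
    "SESSION_COOKIE_SAMESITE": "Lax",  # not sent on cross-site POSTs
}


def session_cookie_header(settings, session_key):
    """Build the Set-Cookie value that the given settings would produce."""
    jar = SimpleCookie()
    name = settings["SESSION_COOKIE_NAME"]
    jar[name] = session_key
    jar[name]["path"] = "/"
    if settings["SESSION_COOKIE_SECURE"]:
        jar[name]["secure"] = True
    if settings["SESSION_COOKIE_HTTPONLY"]:
        jar[name]["httponly"] = True
    if settings["SESSION_COOKIE_SAMESITE"]:
        jar[name]["samesite"] = settings["SESSION_COOKIE_SAMESITE"]
    return jar[name].OutputString()


class SessionStore:
    """Minimal in-memory stand-in for Django's session backend (constructed)."""

    def __init__(self, settings):
        self.settings = settings
        self.sessions = {}

    def render_form(self):
        """GET of the signup form: create a session carrying the test marker
        and return (session_key, Set-Cookie value). This is the effect of
        request.session.set_test_cookie() in the view that renders the form."""
        key = secrets.token_urlsafe(24)
        self.sessions[key] = {TEST_COOKIE_NAME: TEST_COOKIE_VALUE}
        return key, session_cookie_header(self.settings, key)

    def submit_form(self, cookie_header):
        """POST of the signup form: load the session named by the browser's
        Cookie header and report whether the marker came back, which is what
        request.session.test_cookie_worked() checks. Django keeps the marker
        in the session, so a False result means the session cookie itself did
        not round-trip and the signup cannot continue; the view should then
        show a clear 'please enable cookies' message rather than a broken flow."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(self.settings["SESSION_COOKIE_NAME"])
        if morsel is None:
            return False  # no session cookie sent at all
        data = self.sessions.get(morsel.value, {})
        worked = data.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE
        if worked:
            data.pop(TEST_COOKIE_NAME)  # request.session.delete_test_cookie()
        return worked


if __name__ == "__main__":
    print("weak    :", session_cookie_header(WEAK_SETTINGS, "abc123"))
    print("hardened:", session_cookie_header(HARDENED_SETTINGS, "abc123"))
    store = SessionStore(HARDENED_SETTINGS)
    key, _ = store.render_form()
    print("cookie returned :", store.submit_form(f"sessionid={key}"))
    print("cookie rejected :", store.submit_form(""))
```

In a real Django project the equivalent is to set those four settings in `settings.py`, call `request.session.set_test_cookie()` in the view that renders the form, and check `request.session.test_cookie_worked()` at the top of the POST handler before touching any form data.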


Don't try and deal with credit cards in your own app. There are all sorts of security issues. Hand off to one of the firms that specialise in that area - I've used RBS Worldpay successfully, but there are plenty of others, and they all expose good APIs.

Daniel Roseman answered Dec 19 '22 14:12