I have about 100 websites coded in ASP classic. Each website accepts orders and stores them in database. However, the payment of these orders must be made on another website, also coded in ASP classic. All websites are owned by same company, hosted on same IIS server and use the same SQL Server database.
Now, the user registers by entering some personal information and logs in to one of these website (e.g. website-for-newjersey.com) and places an order. He is then redirected to the payments website (payments.master-website.com on https) where some of his personal information (address, city, state for shipping; name for credit card holders name; etc) appears on the payment form. Credit card specific information is entered on that page.
Because of the sensitivity of information shown on that page, the user must login to the payment website before he/she can view the pre-filled payment form. And I do not want the user to login twice (once on each website). Is there a reliable way of checking if the user is logged in to the referring website using classic ASP.
Long story short
An HTTP cookie is a small amount of text that helps a website track information about a user across multiple pages of the website and personalize the user's experience on the website. If you've ever logged into a website, a cookie kept you logged in across multiple pages.
Browsers will keep you logged in by using some sort of browser storage. (for example cookies or localStorage or...). This data is called session data. Html pages are stateless, that means when you refresh a page, all data that came from the server previously, are removed, and have to be requested again.
From the calling site you could create a guid or some other randomly generated value. Store it on the users record (set to expire in a specified time period) in the database, encrypt it and pass it over SSL to the payment site where it is decrypted and then compared to the database. If they match then the user is logged in, if it doesn't match then they are asked to log in.
Another way although I'm not sure it can be done with different domain names is using sessions. Since they are all on the same machine it might be possible but I'm not 100% sure on that one.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With