in reply to Apache::Session::File and mod_rewrite

in the step where the credit card is POSTed, i've changed the action to: <form name='checkout' method='POST' action='/order/fliers.cgi:SSL'>

Doesn't that mean that you post the credit card data through an unencrypted connection, and then redirect them to an encrypted one?

Instead, send them to the SSL version of the page one step beforehand, when you're going to generate that form, and pass the session ID in the query string for that step.

Re: Re: Apache::Session::File and mod_rewrite
by geektron (Curate) on May 21, 2004 at 17:52 UTC
    you raise a good point ... but the behavior is the same regardless of where i attempt the redirection. i just tried.