[ic] How I can retrieve info from secure server?

Lyn St George interchange-users@interchange.redhat.com
Wed Jan 16 13:33:01 2002 

On Wed, 16 Jan 2002 12:04:12 -0500, Cory Trese wrote:

>I would suggest that you look at the design of this process (this is just
>how I would approach this) again and considering it not as a manner to
>maintain a session after doing 'work' on a remote, secure server.  I would
>think of it as a transaction and transaction confirmation between two secure
>servers.
>
>>From a 'birds eye view' I would follow this logic :
>
>1. gather information about user (the 'session')
>2. prepare to initialize the secure transaction
>2b. Save the 'transaction' with some details
>	i.  owner of transaction, a user
>	ii. other stuff about the transaction you need to recover
>3. use a secure form (action="https://...") to post the details to the
>remote secure server
>4. have the secure server do whatever and submit the results back to you
>(aka, she user a secure form to post a transaction ID, some authentication
>you passed to her, and additional information such as state, return values,
>ect.)  The page she targets uses your 'transaction' database (created in 2b)
>to load the values and apply the results of her transaction confirmation.
>If the confirmation indicates failure, you then have the ability to deal
>with that failure and prepare for an additional step (retransmission.)
>
>Again, this obvious doesn't contain any code and isn't a real solution --
>just an opinion about how to apply my favored model for this type of
>activity.

>-- Cory trese

This is the model we tried to follow some time ago, for the same 
scenario with WorldPay. As far as I remember it now, the problem 
we ran into, and couldn't find a *guaranteed* solution to, was that 
coming back to your own server initiated a new session in IC. Because 
of this, the first "entry" page of IC could do virtually nothing, as it is 
only the second page of a new session which can parse IC tags 
or perl properly.

Over the life time of Minivend / Interchange, numerous people have 
asked this same question and usually got responses like "yeah, well 
if they post a callback then you should be able to do it", BUT no-one 
has *ever* said "yes, we have done this, we have it working properly 
and this is how we did it". Hmmm ...  ISTR someone (possibly Mike H?)
saying that he worked on the problem but found that it was taking up 
too much time and gave it up as not being worth the candle. 

We do it by logging and emailing everything *before* leaving our 
own server, which is quite a different approach and obviously  not 
the preferred one. 


>Hello,
>
>I have processing company that required to enter credit card info on
>her secure server. Anybody can give me a thing how I can retrieve all
>session data after processing of credit card on another server and
>return result page?
>
>Sincerely,
>
>Alexei V. Fedchenko
>Russian Books Ltd.
>http://www.russianbooks.cc
>info@russianbooks.cc
>+7(095) 926-4725
>21, Varshavskoye shosse
>Moscow, Russia, 113105