affiliate system security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

affiliate system security

Post by m2babaey »

Hi
I want to code an affiliate tracking software. I know cookies is used. when i look through other similar sites, they say: there are other ways that we can't release for security reasons. now that I want to code such a program, what are issues that I should notice?
thanks
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: affiliate system security

Post by John Cartwright »

If they are hiding something behind a 'for security purposes'.. then there is inheritantly wrong with their design. There is nothing that should be seen as a security feature in this system, unless they are afraid of someone exploiting them.

In the system I am developing we generate variable 'tracking_id' which is passed in the url. This variable uniquely identifies the affiliate, the website, the plan, etc. Each promotional site will store this variable in the event there is a signup.
I've actually taken cookies out of the equation, and simply have a script I include on each promo site that will send a http request when there is a signup, or an upgrade to a free account.

Beyond this, it gets pretty complicated. Surely more complicated than I can explain in a post.
m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

Re: affiliate system security

Post by m2babaey »

thanks.
then will promoters get paid if a visitor returns later to purchase?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: affiliate system security

Post by John Cartwright »

m2babaey wrote:thanks.
then will promoters get paid if a visitor returns later to purchase?
My system has free users, and paid users. So if the user signs up as a free user, then 6 months later they want to upgrade their account to paid, then the affiliate will still be credited. Like I said previously, I just send an http request when there is a signup or upgrade to notify the affiliate software. Since we store the tracking id of the user during the free signup (on the promotion websites) we can then send it during the upgrade to credit the affiliate.

This similarly can be achieved with cookies, although less reliably.
Post Reply