Credit Card information in sessions

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies
Contact:

Credit Card information in sessions

Post by kendall »

Is It a good idea to store CC information in a $_SESSION provided that the environment is in SSL? I am in a situation where i may have to carry information accross pages and i was trying to find a way to carry across payment information. However depending on the results i will need to do some "redirecting"
samb0057
Forum Commoner
Posts: 27
Joined: Wed Mar 26, 2008 9:51 am

Re: Credit Card information in sessions

Post by samb0057 »

It should be ok, just make sure you use sessions not cookies, and encrypt it using the mcrypt extension (php.net/mcrypt). Use mcrypt_encrypt and store that in the session, and if you need to pull it back out use mcrypt_decrypt. There are some good examples on how to do this in the link.
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Re: Credit Card information in sessions

Post by kaszu »

Is it dedicated server?
Post Reply