Page 1 of 1

Credit Card information in sessions

Posted: Fri Apr 18, 2008 11:25 am
by kendall
Is It a good idea to store CC information in a $_SESSION provided that the environment is in SSL? I am in a situation where i may have to carry information accross pages and i was trying to find a way to carry across payment information. However depending on the results i will need to do some "redirecting"

Re: Credit Card information in sessions

Posted: Fri Apr 18, 2008 11:53 am
by samb0057
It should be ok, just make sure you use sessions not cookies, and encrypt it using the mcrypt extension (php.net/mcrypt). Use mcrypt_encrypt and store that in the session, and if you need to pull it back out use mcrypt_decrypt. There are some good examples on how to do this in the link.

Re: Credit Card information in sessions

Posted: Fri Apr 18, 2008 1:43 pm
by kaszu
Is it dedicated server?