How to move cart data from multiple domains to a common checkout?

larry1301

I have several domains hosted on an Apache 2.0.55, PHP 4.3.11, MySQL 3.23.58 VPS. All sites use the same IP. Much of the code for the sites is shared in a common directory using the Apache Alias directive.

Among the common code is a shopping cart and checkout that I wrote that all the sites use. Currently the sites are not secure. Payment is made after checkout via paypal or calling in a credit card. I want to add online processing of credit cards to my checkout and make it secure.

My problem is that I only want to buy one SSL certificate, rather than one for each site.

Currently when when something is added to the cart or goes to checkout, the URLS the customer goes to is something like:

http://www.thePaperFramer.Com/AddToCart.php
http://www.ComicFrames.Com/AddToCart.php
http://www.thePaperFramer.Com/Checkout.php
http://www.ComicFrames.Com/Checkout.php
etc

The AddToCart.php and Checkout.php scripts are shared across all domains. I want all checkout to now go through https://www.thePaperFramer.Com/Checkout.php using a single SSL certificate for thePaperFramer.Com. The cart itself will continue to be shared as is presently.

Most of this is straightforward but I have one issue that I can't decide on how to implement. That is moving the cart data from any of the domains to the checkout URL.

The cart data is stored in a session array. I can't decide what is the best way to move the cart data from the originating domain to the checkout domain. There appears to be several ways that this might be done.

I could POST all the cart data when I call the checkout URL. I don't know what the maximum size might be. Places like Yahoo stores seem to use this method for their shared carts and checkout. This method doesn't really appeal to me.
I could write the session cart array to a cookie but I haven't found a way yet of accessing a cookie from another domain.
If I could share the session data accross domains, this might work but I haven't found a way to do this yet.
I could write the cart to a database table. This is complicated slightly because the some of the domains use a different database.

I have googled this around and searcha number of furoms, but haven't seen a good solution for this. Any suggestions on the best way to proceed?

sneakyimp

i guess you've figured out that a cert can only apply to one domain. seems to me then that the addcart file should be hosted there. that would be a start.

your cart can be stored in session, cookie, or database. if it's stored in session, then session depends on cookies OR url rewriting to propagate your session id so the server knows which session data to fetch for a single user. cookies can't really be shared between domains so you might have some issues there but only if the domain hosting the shopping cart pages somehow forgets the session id when you leave it to go back and browse the other domain. my guess is that would only happen when a user has cookies turned off.

option 1: always an option, but you're trying to accept the card on your site, no?
option 2: forget about it. i don't think this is possible.
option 3: this can be done, but your two different domains are going to make sure they share a session ID for a user -- which is tough -- UNLESS one domain is completely responsible for tracking all shopping cart and checkout information. in that case, the other domain can just have links like this otherdomain.com/AddCart.php?product_id=234
option 4: you shouldn't have to do this...you'll still need to pass around a session id so that the different domains would know which session/shopping cart record to retrieve from the shared database.

hope that helps