2

Let me explain the scenario that I want to recreate. I have coded a server application that acts as a middleman between online merchants and their customers.

Basically, the idea is that customers go to buy products on the merchant's website, then the merchant sends the purchase description to the server along with a digital signature. The server then validates the details and sends a URL to the online merchant. The online merchant should then redirect the customer to this URL.

Now, my question is, I want the page to where the user is redirected to contain some data in order to help me identify the particular transaction in question. More specifically, I want to keep track of the vendor_username (the username with which the online merchant registered on the server) and the transaction_id. Now this would be simply achieved using Sessions if it was my website from where the customers are redirected instead of a third party.

I thought of passing the vendor_username and transaction_id in the URL to the online merchant as a query string, however I know that the query string can be easily edited from the address bar and as such is not an option. How can I implement it please? Sorry for the long description but I wanted to explain my situation in detail so that you could understand what I want. Thank you :)

Improve this question

1 Answer 1

Reset to default
1

Possibly using a WCF service and tieing the transactions to something like GUIDs? I'm suggesting an N-Teir architecture model, more can be found here: http://www.codeproject.com/Articles/430014/N-Tier-Architecture-and-Tips

This is how we accomplished a similar task in a previous project of mine. This might be an interesting read.

Hope my answer helps get you on the right track for your solution!

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Note that in that article "transaction" refers to a commit to a database, not a sales transaction. The article just explains how you would use 2 WCF services to commit one transaction to the database in the case you require separate services. I included it because it sounds like your solution has several different projects and I'm not sure if you want them to use the same, or separate services. Mainly I was suggesting the use of GUIDs in the query string if you go that route, or in the service call as a parameter. Which would be better than plain text username & transactionID
That's a brilliant idea. It did not occur to me. Thanks :)
Thank you very much :) I appreciate it immensely :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.