Guest Posted March 14, 2006 Posted March 14, 2006 HI*there... [[apologies if this has been covered before, but we couldn't find it.]] We are preparing to sell PINs. Security of customer PINs is critical...until the customer gets it and uses/installs it. (Then it's dedicated to them and the number normally 'dies' as they use it). Because email delivery is normally in clear text over the Net, we will display the PIN info on the 'Thank You' page while the client is still in our SSL osCommerce pages. Please help us with your Best*Ideas: :lol: THANKS! ~~~ We need to send the customer a thank you email, of course [w/thanks to osC designers!]. Our idea:...in it....we... 1. Give them a link in the cleartext 'thank you' email (generic address) to our https:// osC shop. 2. There, they click a button (for example: in an 'info' box) Then they will have to log in again, and when logged in, 3. We display their most recent PIN# ...or better/ultimately, the list of PIN numbers they have bought in some logical order. ~ To do this we must use the Session ID for the displayed 'thank you' they see when they buy/bought their new PIN. ~ How do we get/harvest that Session ID and keep it, and use it again this way? Remember please: 1. The user clicks a link in the email, 2. then clicks a button in our shop, 3. then logs-in (or has already logged in, in another window of his/her browser) and sees either, a) the most recent PIN number, or ultimately B) a list of all the PINs in some 'normal' order(!) [maybe with a nifty 'date of purchase']. Please, Please, Please...your best experiences and crazy ideas are ALL Welcome! Big=Thanks=to=*EVERYBODY* who reads this and tries to explain what they have done or think might work well! :rolleyes: =User Friendly from anywhere in the world and SAFER than clear text email! B)
Guest Posted March 14, 2006 Posted March 14, 2006 Just as a footnote to clarify what_we_really_need, and not more...: --- PIN numbers 'stack' (are added) to each other, as the customer buys each new one, so for use in our shop, it is only necessary to retrieve the most recent PIN. Brits call this 'topping up' an account. (Yes, other people may want to show all the old PINs for their shops). In our business model, each PIN can be used for anything the customer buys through our shop. It is like having a coupon you can use to buy anything in the store. It's credit for services, obviously. ...What does this mean? If we can retrieve the Session ID that displayed the <specific Thank You page> of the most recent purchase, that is ENOUGH! ...because our 'Thank You' page displayed his/her _most_recent_PIN_number. ... ~ Obviously... We are also trying to build a solution repeatable and 'usable' in other people's shops [as an eventual contribution, of course], so anyone who wants to get a little pleasantly 'long winded' (enthusiastically verbose) about how they would do things is welcome to write here, too, or PM me, in numerous languages! ~ THANKS AGAIN, EVERYBODY... B)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.