I am developing a merchandise site that need to collect some data from a secure server ( credit card info, account info etc.). I was going through the archives and found some useful material from gurus for transferring data between secure and non-secure servers. After going through the materials, I decided to implement it in the following way. I have to collect name, address from non-secure session and credit card information from secure session. 1. Get the sessionID and SessionCreationTime of the non-secure session and create an entry in a database table with primary key sessionID+sessionCreationtime (sessionRecordID). 2. Connect to the secure session Servlet by passing the primaryKey through the URL. (secureServlet?sessionRecordID=xxx) 3. The secure Servlet collects the creditCard information through a JSP page and updates the record with primary key SessionRecordID. 4. The secure Servlet connects to the non-secure servlet by passing the sessionRecordID through the URL. 5. The nonsecure Servlet somehow retrieves the previous session(?), gets the secure data from the database record and proceeds as normal. 6. The nonsecure Servlet deletes the sessionRecord. 7. There will be an additional trigger in the database to delete the dangling sessionRecords on a timelimit basis. The problem starts in step 5. I don't have a clue to get back to the previous nonsecure session as httpSessionContext.getSession(sessionID) is deprecated. My nonsecure session contains the shoppingCart items, userLogin information and I need to getback to the previous state for proceeding further. My questions are 1. How to get the session if I know the sessionID - step 5? Or any other solutions? 4. Any pointers, references? 5. Another idea which I have is persist all the information in the database as a BLOB. It would be little too much! comments? Thanks in advance for your help! Sree ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
