I would like to securely transfer sensitive variables between multiple in PHP. Normally I would use url parameters or session cookies to transfer non-sensitive values. I'm not sure how secure I can make cookies and url params or if there is a better option out there?
Asked
Active
Viewed 1,063 times
2
-
Are the domains common to each other? sub1.domain.com, sub2.domain.com, etc..? If that's the case, you can set the cookie on the parent domain and it'd be visible to all the sub domains. If the domains are completely different, then you'd have to use url parameters, and some form of encryption for the security. – Marc B Mar 08 '11 at 19:39
1 Answers
4
If you need good security, you can serialize() your parameters into a string, and AES encrypt the string on the origin server with mcrypt(), wrapped in base 64 encoding with base64_encode(). Pass the encrypted, encoded data to the other server as a single URL parameter where it can be decrypted using the AES shared key and parsed back to individual variables with unserialize().
Michael Berkowski
- 267,341
- 46
- 444
- 390