Forum Moderators: buckworks
I was wondering if it is safe to store a customers delivery address and credit card details in a session for use in the checkout process.
Basically, the customers shopping cart and billing address is pulled from the database when they log in/register. They then need to enter the delivery address (if different from billing address) and their credit card details on the next page and then check everything and submit on the final page.
So, the delivery address and credit card details need to be temporarily stored so they can be reproduced on the final page to summarise the order. Is it safe to add these values to the Session? If so, will each value have to be added individually or can the address be added as a single element?
Many thanks indeed :)
ps. I'm using C#.NET, SQL Server 2000
We use Interchange as our shopping cart system which makes a point of _not_ storing credit card details in the session - in fact it ensures that once the card number has been encrypted or sent off to a payment processor then it is scrubbed from memory.
This is obviously a safe approach, but it does make checkout confirmation difficult because the credit card details must be the very last thing submitted.
