Easiest way to securely transfer data from one web to the next

Question

I have 2 web sites running on the same server. Web1 needs to transfer data to web2 (same web server, different webs), passing sensitive data from one to the next. The browser will be using https. Are cookies possible/advisable here? My initial thoughts where to encrypt the data and pass through the querystring, both sites using a shared key. Perhaps also pass an encrypted expiration date to prevent the url from being reused in history if it's on a shared computer. Figuring it's https and encrypted, initially it sounds ok. However, my gut tells me its unsecure. Another option is a session server but that seems a bit overkill for what I'm after.

What is the best way to securely transfer a single piece of data from 1 site to the next on the same web and do it relatively simply?

Answer 1

If I'm reading this right, you have two different web sites running on the same web server that need to share data securely. Correct?

If that's the case, don't send the data in the browser. If the sites are on the same server, you can have them communicate directly. Server-side communication within a closed server will be more secure than any system you can deploy to the client's browser.

You should consider implementing a web service on your server to handle the request. That way each website only needs to know about the web service and not about one another.

Answer 2

You can just have one site do an http post to the other site server-side. This information would never go through the browser and wouldn't even have to be encrypted (although that certainly wouldn't hurt).

You could even write data to the database and then redirect the user to a page on the second site that would read it (if the two sites can both access the database).