Managing Sessions across multiple domains, securely – Part 1


A secure e-commerce store can only really be secure if transactions occur over a secure connection, such as SSL (HTTPS). Since SSL security certificates can be quite costly to purchase and time-consuming to set up, sometimes it makes sense to “share” them across multiple solutions. But there’s a problem there: an SSL cert will only work at the domain for which it was registered. So how do you get around that little issue if you still want a fully SEO-friendly website, with its own unique domain name, where visitors can read your content, add products to their carts and post comments, but also perform secure actions like making purchases, saving personal data, etc.?

The answer is actually having two websites, even though it may seem to the visitor to be only one. One website operates over HTTP, and one operates securely over HTTPS. This raises some issues that have to be dealt with, however, such as what happens when a visitor tries to log in and is pushed over to the HTTPS website. Web software, whether it’s simple in functionality or complex (like an e-commerce platform), typically assigns a unique identifier to the visitor, which can be referred to as that visitor’s session id. This session id is stored in the visitor’s cookies and is sent back to the server upon every request. This gives the server software the opportunity to internally attach data to that user and use it to customize what the visitor sees in their browser. It’s also used to keep track of whether a visitor is logged in, what items they have in their cart, and anything else visitor-specific.
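As an added illustration (not code from the original post), here is a minimal server-side session store in Python that hands the session id to the browser in a cookie with the Domain, HttpOnly and Secure attributes set, plus a simplified browser-side check of when that cookie would actually be sent back. The hostnames shop.example and secure.example and the session data layout are assumptions; the check shows why the HTTP site’s session cookie never reaches the HTTPS site.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SESSION_COOKIE = "sid"


class SessionStore:
    """Server-side session table: random session id -> per-visitor data."""

    def __init__(self):
        self._sessions = {}

    def create(self, site_host, secure):
        """Start a session and return (id, Set-Cookie value) scoped to site_host."""
        sid = secrets.token_urlsafe(32)  # 256 random bits: not guessable
        self._sessions[sid] = {"logged_in": False, "cart": []}  # assumed layout
        cookie = SimpleCookie()
        cookie[SESSION_COOKIE] = sid
        morsel = cookie[SESSION_COOKIE]
        morsel["domain"] = site_host   # the browser returns it only to this host
        morsel["path"] = "/"
        morsel["httponly"] = True      # page scripts cannot read the id
        morsel["samesite"] = "Lax"
        if secure:
            morsel["secure"] = True    # never sent over plain HTTP
        return sid, morsel.OutputString()

    def lookup(self, cookie_header):
        """Resolve the session presented in a request's Cookie header, else None."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(SESSION_COOKIE)
        return None if morsel is None else self._sessions.get(morsel.value)


def cookie_sent_to(set_cookie_value, url):
    """Simplified RFC 6265 rule: would a browser send this cookie to url?"""
    attrs = SimpleCookie()
    attrs.load(set_cookie_value)
    morsel = attrs[SESSION_COOKIE]
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = morsel["domain"].lstrip(".")
    domain_ok = host == domain or host.endswith("." + domain)
    secure_ok = (not morsel["secure"]) or parts.scheme == "https"
    return domain_ok and secure_ok


if __name__ == "__main__":
    store = SessionStore()
    sid, header = store.create("shop.example", secure=False)  # constructed host
    print("Set-Cookie:", header)
    print(cookie_sent_to(header, "https://secure.example/checkout"))  # False
```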

To be continued in Part 2
