Safe way to Store Credit Card Info Across Pages ASP.NET MVC
I'm running ASP.NET MVC and need a safe way to store credit-card data temporarily (I have an order confirmation page, which posts to an action that actually processes the order). I tried TempData, but it doesn't survive the post. Can I safely use session since it's stored on the server?
Thanks.
You really shouldn't even be requesting the numbers until the last step in the process. Additionally, you should be using SSL for the entire span of the process too. If you decide to store them in Session, encrypt them just for an added degree of safety.
Sessions are insecure (thanks to the commenters for correcting me on this). Not only are they susceptible to a brute-force attack, there are several other vulnerabilities. http://www.dreamincode.net/forums/showtopic61503.htm
If you absolutely must use sessions to store your data, make sure to use a suitable session timeout so that people don't accidentally leave their credit card details on a public computer.
I would strongly recommend, however, that you review the Payment Card Industry Data Security Standard (PCI DSS). https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Session state will persist the information, but it is not secure. Be aware that any kind of persistence may be violating the terms of service with the bank or credit agency. Most of them have very strict regulations on what you're allowed to do with this information.
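An added example, not part of the original thread: one way to apply the "encrypt it if it goes in Session" and short-lifetime advice from the answers above, assuming classic ASP.NET MVC on .NET Framework 4.5 or later, where `MachineKey.Protect` is available. The class name, session key, purpose string and five-minute limit are assumptions chosen for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper: names and limits are assumptions, not from the thread.
public static class PendingCardStore
{
    private const string SessionKey = "PendingCard";   // assumed session key name
    private const string Purpose = "PendingCard.v1";   // assumed purpose string
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5); // assumed limit

    // Confirmation page: encrypt and authenticate the number before it
    // enters session state, so an out-of-process store only sees ciphertext.
    public static void Save(HttpSessionStateBase session, string cardNumber)
    {
        string payload = DateTime.UtcNow.Ticks + "|" + cardNumber;
        // The session ID is a second purpose: a blob copied into another
        // user's session fails to unprotect.
        session[SessionKey] = MachineKey.Protect(
            Encoding.UTF8.GetBytes(payload), Purpose, session.SessionID);
    }

    // Processing action: read once, delete immediately, and reject
    // stale or tampered values by returning null.
    public static string Take(HttpSessionStateBase session)
    {
        var blob = session[SessionKey] as byte[];
        session.Remove(SessionKey);   // never leave it behind after the POST
        if (blob == null) return null;
        try
        {
            byte[] clear = MachineKey.Unprotect(blob, Purpose, session.SessionID);
            string[] parts = Encoding.UTF8.GetString(clear).Split(new[] { '|' }, 2);
            var savedAt = new DateTime(long.Parse(parts[0]), DateTimeKind.Utc);
            return DateTime.UtcNow - savedAt <= MaxAge ? parts[1] : null;
        }
        catch (CryptographicException)
        {
            return null;              // wrong session, wrong key, or modified blob
        }
    }
}
```

The `timeout` attribute of `<sessionState>` in web.config (in minutes) still bounds how long an entry lingers if the user abandons the order before the processing action runs.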