We have websites which run on Drupal Multisites.
The checkout of all of these websites is on a seperate secure domain
all websites share the same database however the secure doamin has its own codebase - the other sites share codebase.
We currently pass data between e.g. http://www.websitesA.com and https://secure.websiteE.com through the use of a session cookie.
The problem we face is our website is being listed as not PCI complaint because we are passing sensitive data between http and https which is regarded as not secure.
We need a way to pass data to the secure domain and back again while not passing sensitive data via a session cookie.
Please list your relevant experience in helping us solve this problem.