Building an affiliate network: Is this method safe?

[fe_81]

Hi,

 

I am building an own affiliate network and would like to hear your opinions about a few security related things.

 

Does anyone know of any guidelines how to place cookies and track sales when building an affiliate network. I don't need clean links or anything, just a link to my own server with a specific get parameter, which redirects to the store (the e-commerce website).

 

My idea is that I would place the cookie from my own domain on the redirecting-page and then let the store make a call to my server when a sale is made. This would be done by having the stores add an <img>-tag containing parameters in the url. In the php-script for this url, I check that the cookie is set.

 

Will this work on all browsers? What about 3rd party cookie settings?

 

Do I have to require that the stores sign the parameters in the img-tag url with the help of a secret key? It seems as if some big affiliate networks don't do this. If I don't sign, how can I protect against just going through a link (obtaining the cookie) and then making a call to the url of the img-tag?

 

What about cookie stuffing? I can't really find any info about how to protect against it? Is there any way?

 

Thank you for your help

 

-F