Hello,

My setup looks like:

Virtual server A is hosting an application
Virtual server B is hosting a trafficscript made authentication "mechanism"
both are on same ztxm cluster

Im having difficulties figuring out how to accomplish following:

User wants to use application on Virtual server A and if user chooses to authenticate with specific method (it cant be done straight on virtual server A), he/she is redirected from virtual server A to virtual server B, user is authenticated by trafficscript and specific authentication token put in a http header. As far as I know, I can't pass HTTP header from one virtual server to another (correct me if im wrong) , so i have two options: use cookies or pass the variable in query string.
So after the user is authenticated, he/she is redirected to virtual server A, where trafficscript takes the token from query string and puts it in to the http header.
This works, but the token beeing passed, is a bit sensitive and if its passed in a query string, it shoudl be encrypted. How do i accomplish this?
I tried to encrypt query string as follows:
on trafficscript in virtual server B : string.encrypt( $token, "passphrase" );
and on trafficsript in virtual server A : string.decrypt( $token, "passphrase" );

How do i accomplish encryption or is my approach wrong and there is easier way to do this?

Thank you,