Need to Pass Session from non ssl to ssl domain

ericaalicen

Programmer
Dec 20, 2001
53
US
I have a shopping cart session. In the past I've inserted the shopping cart contents and shipping info before moving to the ssl area to get credit card info. I've done this because in moving to the ssl area I always get an error that session.Cart does not exist if I try to carry the session. In researching this it seems that since the ssl and non-ssl areas are on the same server, session.Cart should still exist. I've tried passing the session.URLTOKEN since I seem to be assigned a new one if I don't pass it to the SSL area. But session.Cart still doesn't exist. I'm encountering some problems when users make mistakes and try to move back and forth between the ssl and non-ssl areas, so I need to re-code this somehow. Any ideas?
 
Your code looks fine to me. :)



Hope This Helps!

Ecobb
Beer Consumption Analyst

"My work is a game, a very serious game." - M.C. Escher
 
I'm not very familiar with the way ssl is normally set up on a server. I know in our setup the ssl certificate uses a virtual copy of the site. Does that change anything for the session?
 
The more I look this up, the more I find questions regarding this on the web with no viable answer. Some documentation states that passing a session from one domain to another is not possible even if they are on the same server, while others say it is. Anybody have an answer on this?
 
from domain to domain? i don't think so...

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)
 
Thanks for the input, but no one seems too sure about this. I can't be the first person to encounter this problem managing a session from a non-ssl area to an ssl area, and then having a problem with users attempting to back up.

I have a number of ideas of how to try to prevent user error. But it seems the simplest would be if I could find a way to carry the session back and forth. My boss seems to think it's possible because the session is still on the server.

Anybody else familiar with building shopping carts and run into this ssl losing the session problem? Some of what I've read suggests this isn't a problem if the ssl certificate is for the single domain? Unfortunately that's not my scenario and we have one certificate for the server.

So basically I really need a definitive answer, can you pass a session to a different domain on the same server? Is there any way to find that session on the server and make it belong to the new domain?
 
I just made this little test for ya.
each domain uses the same syntax in the application.cfm file including the application name. if you could share sessions i would imagine that's how you'd do it. But keep in mind if that were possible you'd have problems all over with developers swapping sessions because they used the same name for the application.

the point of ssl is to be secure. if you need to send info to the secure domain try doing it with a url (which isn't secure at all) or saving what you need in the secure site into a db. pass the temp customerID via url. get the information out of the db using the temp ID.

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)
 
bombboy, thanks so much for this test and providing me with a definitive answer. I've been passing the customer id to the secure domain. My problem is that users are getting to the secure server and trying to go back to change/correct something. Right now when they do this they end up submitting another order. So I end up with an uncompleted order with no credit card info and a blank order with credit card info. What I'm going to have to do I guess is keep track of their session token, submit it with the order and check to see if they already exist and re-populate their order to the array if they do. This is going to take some work, so I wanted to make sure it wasn't possible to pass the session. Thank you. [smile]
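
Added example, not part of the original thread and not any poster's code: a Python sketch of the database handoff suggested above, extended so that going back edits the same record and a repeated submit does not create a second order. `HandoffStore`, its method names and the 15-minute lifetime are assumptions; the dictionary stands in for a table that both the non-SSL and SSL sites can query.

```python
import secrets
import time

TOKEN_TTL = 900  # seconds a handoff token stays valid (assumed value)


class HandoffStore:
    """In-memory stand-in for a DB table both the HTTP and HTTPS sites can read."""

    def __init__(self):
        self._rows = {}  # token -> {"cart": [...], "created": ts, "order_id": id or None}
        self._next_order = 1

    def save_cart(self, cart, now=None):
        """Non-SSL side: store the cart, return an unguessable token for the URL."""
        token = secrets.token_urlsafe(32)  # random, not a sequential customer ID
        created = time.time() if now is None else now
        self._rows[token] = {"cart": list(cart), "created": created, "order_id": None}
        return token

    def _live_row(self, token, now=None):
        """Return the row for a known, unexpired token, else None."""
        row = self._rows.get(token)
        now = time.time() if now is None else now
        if row is None or now - row["created"] > TOKEN_TTL:
            return None
        return row

    def load_cart(self, token, now=None):
        """SSL side: look the cart up by token; unknown or expired tokens get nothing."""
        row = self._live_row(token, now)
        return None if row is None else list(row["cart"])

    def update_cart(self, token, cart, now=None):
        """User went back to fix something: edit the same row, never start a new one."""
        row = self._live_row(token, now)
        if row is None or row["order_id"] is not None:
            return False  # no such handoff, or the order is already placed
        row["cart"] = list(cart)
        return True

    def place_order(self, token, now=None):
        """Idempotent submit: the same token always maps to the same order id."""
        row = self._live_row(token, now)
        if row is None:
            return None
        if row["order_id"] is None:
            row["order_id"] = self._next_order
            self._next_order += 1
        return row["order_id"]
```

Only the token travels in the URL, so cart and shipping details stay out of links, referrers and server logs, and a guessed or stale token returns nothing.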
 
I never liked shopping carts... want to see one that really stinks... check out godaddy.com. Ick.

You shouldn't have to send the token back to the original domain. You should be able to access the session information by just using the "session." scope.

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)
 