One work around I have had for this - is to "force" the users to the secure URL... IE: Links to the cart, add to cart and products (all shopping links) are hardcoded to https://www.yoursite.com -=- that way I know the URL and can help ensure the session variables stay intact... (Once they go secure - keep them in the secure...)
Probably not the best work around - but it works for me. - Nick -----Original Message----- From: Paul Alkema [mailto:[email protected]] Sent: Thursday, April 01, 2010 8:02 AM To: cf-talk Subject: RE: What happens to session variables after redirecting to https? Hmm.. I don't think this is correct. My site doesn't pass tokens in order to keep session variables or cookies. When a user first lands on my http site, I set sessions/cookies and pass them to our cart which is https and both of them are transferred just fine and I don't pass any type cf tokens. I don't know if it makes a difference but I use 128 bit High-grade Encryption. Now... yoursite.com vs www.yoursite.com is a different issue. That is seen by most browsers as being different sites and doesn't allow you to pass cookies to between the two sites. Paul Alkema http://www.alkemadesigns.com/ -----Original Message----- From: Jason Fisher [mailto:[email protected]] Sent: Wednesday, March 31, 2010 10:49 PM To: cf-talk Subject: Re: What happens to session variables after redirecting to https? No, from a cookie perspective, http://mysite.com and https://mysite.com are 2 different domains, so you need to send the session tokens across the gap. Any of a number of approaches can work, but here's the quick and dirty: <cflocation url="https://#mySecureURL#"; addtoken="yes" /> Or, if you are using some other redirection, you can append the following to the URL: &cfid=#cookie.cfid#&cftoken=#cookie.cftoken# (Note that the nomenclature is different if you're using Java session IDs.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332518 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
