Hi folks,
With our CMS / CRM application, we are looking at moving from a reliance on client variables towards more reliance on session variables, including as it relates to logins. One challenging scenario happens when a client is using SSL for ecommerce transactions. If a user logs in, using session variables for persistence, then goes to a page that is not in https and then goes to a page (e.g. an ecommerce screen) that uses https, sessions are dumped when the site goes into https and the login can be lost. We are probably going to solve that problem by just requiring the whole site to go into https. However, I wanted to know if there are other good ways to solve this. We have solved that kind of problem in a related scenario (with attribute scoped variables that need to survive https) by using wddx to store variables in the client scope and then get them back from there after moving into https. That has worked pretty well, but feels a bit complex. As we look at expanding our use of sessions, it seems like a good time to look at other options. So, are there other or better ways to keep session variables alive when a logged in user goes to an https encrypted page? Thanks in advance, Nick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351171 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
