How would you go about setting up a farCry site to run over HTTP for general viewing and then HTTPS for member only areas when a login is required (with IIS)?
What is the purpose of the members only area? Is it essential to run under HTTPS? What proportion of the site is not an extranet? Generally my advice would be to run under one or the other and NOT both.
Would APPLICATION and SESSION variables be lost as the user is directed back and forward between HTTP and HTTPS?
Well they are not lost per se... however, when you switch from HTTP to HTTPS CF loses track of your session. HTTPS is a totally different port and so behaves like a totally seperate web site. For example, you would be issued with a new set of cookies and a *new* session on CF.
In order to seemlessly pass from one protocol to another you need to workout some mechanism for passing authentication credentials. This is just a classic web app problem and nothing really FarCry or even CF related.
Is there anything wrong/bad about running the whole site on HTTPS?
Performance is the only issue; both on the server and on the client.
Best regards,
-- geoff http://www.daemon.com.au/
--- You are currently subscribed to farcry-dev as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
