We ran across the same issue in a previous project and this is how we solved
it.

1. Create a unique sessionID.
   // Key = session ID + creation time + a random number in 0..99
   String theSessionKey = theSession.getId() + theSession.getCreationTime();
   long value = (long) (Math.random() * 100.0);
   theSessionKey += String.valueOf(value);

2. Insert the current SessionInformation (all the non-secure information to
be passed to the secure server) in a database table with the primary key as
"theSessionKey".

3. Create a SessionManager singleton object which contains a hashtable of
HttpSession objects. Add the current session object to the hashtable.

4. Connect to the secure server and pass the session key through the URL.
(https://securesite.domain.com/servlets/paymentServletOrJSP?sessionKey=blah)

5. The secure session retrieves the information from the database record and
records user actions in the same table.

6. Redirect the user to the non-secure server with the SessionKey.

7. The non-secure server retrieves the information from the database and
gets the HttpSession from the SessionManager singleton object.

8. Clean up the database record with the SessionKey. You can write a
database procedure to check the SessionInfo table for records which are
longer than 15 minutes (session timeouts) and, if any exist, delete them.

If you need to carry the entire shopping cart to the secure server, you need
to store a lot of data in the database. Another option is to carry only the
total amount to the secure server.

Sree Pillai
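
Added example, not part of the original message or the poster's project: a sketch of the handoff record described above, with the key drawn from SecureRandom rather than built from the session ID and Math.random(), so the value placed in the URL is unpredictable and does not expose the HttpSession ID. The class and method names are hypothetical, and an in-memory map stands in for the SessionInfo database table.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical names throughout; the map stands in for the SessionInfo table.
public class HandoffStore {
    static final long TTL_MS = 15 * 60 * 1000L; // the 15-minute session timeout
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Entry {
        final String info; final long expiresAt;
        Entry(String info, long expiresAt) { this.info = info; this.expiresAt = expiresAt; }
    }
    private final ConcurrentHashMap<String, Entry> table = new ConcurrentHashMap<>();

    // Non-secure server, before the redirect: draw a 256-bit random key
    // and store the non-secure data under it.
    public String issue(String info, long nowMs) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        table.put(key, new Entry(info, nowMs + TTL_MS));
        return key; // URL-safe, so it can go in the sessionKey parameter as-is
    }

    // Secure server: read the record. Expiry is checked on every read,
    // so it does not depend on the cleanup job having run.
    public String lookup(String key, long nowMs) {
        Entry e = (key == null) ? null : table.get(key);
        if (e != null && nowMs > e.expiresAt) { table.remove(key); e = null; }
        return (e == null) ? null : e.info;
    }

    // Non-secure server, on return: read the record and delete it in one atomic call.
    public String consume(String key, long nowMs) {
        Entry e = (key == null) ? null : table.remove(key);
        return (e == null || nowMs > e.expiresAt) ? null : e.info;
    }

    public static void main(String[] args) {
        HandoffStore store = new HandoffStore();
        long t0 = System.currentTimeMillis();
        String key = store.issue("cartTotal=42.50", t0); // constructed sample data
        System.out.println("secure server: " + store.lookup(key, t0 + 1000));
        System.out.println("return leg:    " + store.consume(key, t0 + 2000));
        System.out.println("replayed key:  " + store.consume(key, t0 + 3000));
        System.out.println("expired key:   " + store.lookup(store.issue("x", t0), t0 + TTL_MS + 1));
    }
}
```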



>From: Donnell Hughes <[EMAIL PROTECTED]>
>Reply-To: A mailing list about Java Server Pages specification and
>     reference <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Shopping Cart Apps/Sessions Across Multiple Servers
>Date: Tue, 14 Nov 2000 10:23:47 -0500
>
>Hi.
>
>I'm currently working on the checkout portion of a shopping cart
>application.  The shopping cart information is kept in a session.  When the
>user wants to checkout, he will be redirected to a physically separate
>secure server to handle the input of account information.  I'm looking for
>suggestions on how to send the cart information to the secure server.  Is
>anyone utilizing such an architecture, or are you using one physical machine
>with one instance of JRun and two webserver instances--one secure and one
>unsecure?
>
>Thanks.
>
>===========================================================================
>To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
>JSP-INTEREST".
>Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
