Sessions tracking is based on cookies, so if your two domains (http and
https) aren't the same (i.e. using a shared SSL certificate) then you'll
lose your state.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Peter
> Sent: Sunday, June 18, 2000 6:50 AM
> To: Orion-Interest
> Subject: Sessions And SSL
>
>
> Hi there,
>
> I am developing an e-commerce application. Some of the
> storefront pages
> such as
> checkout, order status etc. must be secured. So I configured two
> web-sites in
> config.xml: default-web-site(localhost:80) and
> secure-web-site(localhost:439).
> Now I must jump from shoppingcart.jsp ( unsecure page) to checkout.jsp
> ( secure page ). The problem is: the session ( and all the data ) is
> lost ! I tried to encode
> session id in the url, but i guess the session isn't shared by different
> web-sites...
> am I wrong ?
>
> Any idea or solution ?
> Peter
