Re: Loosing sessions on the same server with SSL
It's a shared SSL account. What I am noticing is that the session variable that holds the basket gets erased after the users hits the SSLd pages. I'd appreciate some insight... Thanks! Hi Stas, I'm guessing that you are using IE6 on CFMX? The latest versions of IE6 have a bug (or feature if you will) that causes issues if you are using a shared SSL with a different domain, even though I am passing the session ID when you switch to the secure server. It seems to only be an issue on MX servers. There's a couple easy ways to address this, I basically look for that situation and append the session information to the URL for those users during the entire checkout. You can contact me off the list for information on how exactly to modify the code. -- Mary Jo Sminkey [EMAIL PROTECTED] http://www.cfwebstore.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Loosing sessions on the same server with SSL
Cookies.Cookies keep track of the CFID and CFTOKEN which is how the server knows which session vars belong to who.Try adding CFID and CFTOKEN to the URL when the transition is made from non-ssl to ssl. If that's not it then I've got some other ideas, but try that first. +---+ Bryan Love Database Analyst Macromedia Certified Professional Internet Application Developer TeleCommunication Systems [EMAIL PROTECTED] +---+ ...'If there must be trouble, let it be in my day, that my child may have peace'... - Thomas Paine, The American Crisis Let's Roll - Todd Beamer, Flight 93 -Original Message- From: stas [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 6:29 AM To: CF-Talk Subject: Loosing sessions on the same server with SSL I've got an e-commerce app (a very old version of CF Webstore). My ISP has provided me with an SSL url to use for the final stages of the purchasing process. So during browsing, production selection the user is on: http://mystore.com/ The SSL protected pages go through: https://commerce.myisp.com/mystore/ It's a shared SSL account. What I am noticing is that the session variable that holds the basket gets erased after the users hits the SSLd pages. I'd appreciate some insight... Thanks! _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Re: Loosing sessions on the same server with SSL
Cookies.Cookies keep track of the CFID and CFTOKEN which is how the server knows which session vars belong to who.Try adding CFID and CFTOKEN to the URL when the transition is made from non-ssl to ssl. Unfortunately, just passing the CFID and CFTOKEN when you transition does not address this particular issue (CFWebstore already does that). The issue is that if you use a shared SSL, IE6 blocks the cookies as 3rd party (although this only seems to be an issue on CFMX). The easiest solution is just to install your own secure certificate, you can also try to implement a P3P policy on the site, the other option which I have used is to append the CFID and CFTOKEN throughout the checkout area, by checking if the user is on SSL and is using IE6. You just gotta love those MS features. Mary Jo Sminkey [EMAIL PROTECTED] http://www.cfwebstore.com [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]