Hi Jens. I tried something similar to this about a year ago as an experiment. I think the problem I had at the time with with session expiring and I was thinking about storing the session data in the database and retrieving it back when user went back to non-ssl. This was a while ago and I did not follow it through at the time. I am use CMF not Plone however.

Regards,
David

Jens Vagelpohl wrote:

On 24 Jan 2006, at 18:10, David Pratt wrote:

I think this should be doable for single cert with multiple domains. Setup you exising ip with one domain (ie. mysecure_domain.com). Get the cert on this domain.


<snip>

Have you tested this? The authentication machinery uses cookies, and the browser will not send cookies that were set by the secure login host to the unsecured sites.

jens

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to