Would it work if you carried the SSL through and continued the session?

On 1/24/06, David Pratt <[EMAIL PROTECTED]> wrote:
> Hi Jens. I tried something similar to this about a year ago as an
> experiment. I think the problem I had at the time with with session
> expiring and I was thinking about storing the session data in the
> database and retrieving it back when user went back to non-ssl. This was
> a while ago and I did not follow it through at the time. I am use CMF
> not Plone however.
>
> Regards,
> David
>
> Jens Vagelpohl wrote:
> >
> > On 24 Jan 2006, at 18:10, David Pratt wrote:
> >
> >> I think this should be doable for single cert with multiple  domains.
> >> Setup you exising ip with one domain (ie.  mysecure_domain.com). Get
> >> the cert on this domain.
> >
> >
> > <snip>
> >
> > Have you tested this? The authentication machinery uses cookies, and
> > the browser will not send cookies that were set by the secure login
> > host to the unsecured sites.
> >
> > jens
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
> > http://mail.zope.org/mailman/listinfo/zope-dev )
> >
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to