I set up something like this that consisted of a two-way secure conversation. If we label the public server X and the secure server Y:

1. X prepares Y for client, shares some kind of token and/or cart id.
2. Client visits Y using specially constructed URL, token, etc.
3. Y retrieves cart securely from X each time data is needed.
4. Billing data entered into Y stays on Y.
5. Y SSL-posts to X which items to mark as purchased.

There are probably other ways to do this, but the above can be implemented pretty easily with external methods and a crypto library.

HTH,
Dylan

On Tue, 2003-06-24 at 11:28, Alec Munro wrote:
Hi all,
I have what I'm sure is the common predicament of having an SSL site with a different domain than the non-SSL site. In fact, I have several domains utilizing the same domain for SSL transactions. I need to figure out a way of sharing session information between two domains, such that the user can move relatively freely between the domains without losing any information. Just for an example of how this needs to work:
user comes to site (session created, insecure)
user adds product to shopping cart (insecure)
user checks out (goes to secure site)
user inputs payment info (secure)
user remembers he forgot something, goes back to catalogue (insecure)
user adds another product to cart (insecure)
user checks out, payment information already input (secure)
user submits order (secure)
The important part is that the user's personal information is never transmitted insecurely, while the amount of information that is transmitted securely is kept to a minimum. This seems like a relatively common problem, so I would appreciate any help.
Thanks for your time,
Alec Munro
EOA Scientific Systems
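One way the token handoff in steps 1 and 2 of the reply could look, as an added example that is not code from either poster. It assumes X and Y share an HMAC key out of band; the URL, parameter names, function names and lifetime are hypothetical. The URL carries only the cart id, so Y still fetches the cart contents from X as in step 3.

```python
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions for this example: X and Y share this key out of band, and
# https://secure.example/checkout is a placeholder for Y's checkout URL.
SHARED_KEY = secrets.token_bytes(32)
TOKEN_TTL = 120          # seconds a handoff URL stays valid
_seen_nonces = set()     # Y's replay cache (in-memory here; shared store in practice)

def _sign(cart_id, expires, nonce):
    # JSON-encode the fields so their boundaries are unambiguous before MACing.
    msg = json.dumps([cart_id, expires, nonce]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def x_build_handoff_url(cart_id, now=None):
    """Server X (steps 1-2): URL carrying only the cart id and a short-lived MAC."""
    now = int(time.time() if now is None else now)
    expires, nonce = now + TOKEN_TTL, secrets.token_urlsafe(16)
    params = {"cart": cart_id, "exp": expires, "n": nonce,
              "sig": _sign(cart_id, expires, nonce)}
    return "https://secure.example/checkout?" + urlencode(params)

def y_verify_handoff(url, now=None):
    """Server Y: return the cart id if the token is authentic, fresh and unused."""
    now = int(time.time() if now is None else now)
    q = parse_qs(urlsplit(url).query)
    try:
        cart_id, nonce, sig = q["cart"][0], q["n"][0], q["sig"][0]
        expires = int(q["exp"][0])
    except (KeyError, ValueError):
        return None                      # missing or malformed field
    expected = _sign(cart_id, expires, nonce)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                      # tampered or forged
    if now > expires or nonce in _seen_nonces:
        return None                      # expired or replayed
    _seen_nonces.add(nonce)              # single use
    return cart_id                       # Y now fetches the cart from X (step 3)

if __name__ == "__main__":
    url = x_build_handoff_url("cart-42")
    print(y_verify_handoff(url))   # first use is accepted
    print(y_verify_handoff(url))   # replay is rejected
```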