[Zope] Sharing session information between domains
Dylan Reinhardt
zope@dylanreinhardt.com
24 Jun 2003 13:28:26 -0700
I set up something like this that consisted of a two-way secure
conversation. If we label the public server X and the secure server Y:
1. X prepares Y for client, shares some kind of token and/or cart id.
2. Client visits Y using specially constructed URL, token, etc.
3. Y retrieves cart securely from X each time data is needed.
4. Billing data entered into Y stays on Y.
5. Y SSL-posts to X which items to mark as purchased.
There are probably other ways to do this, but the above can be
implemented pretty easily with external methods and a crypto library.
HTH,
Dylan
On Tue, 2003-06-24 at 11:28, Alec Munro wrote:
> Hi all,
>
> I have what I'm sure is the common predicament of having an SSL site
> with a different domain than the non-SSL site. In fact, I have several
> domains utilizing the same domain for SSL transactions. I need to figure
> out a way of sharing session information between two domains, such that
> the user can move relatively freely between the domains without losing
> any information.
> Just for an example of how this needs to work:
>
> user comes to site (session created, insecure)
> user adds product to shopping cart (insecure)
> user checks out (goes to secure site)
> user inputs payment info (secure)
> user remembers he forgot something, goes back to catalogue (insecure)
> user adds another product to cart (insecure)
> user checks out, payment information already input (secure)
> user submits order (secure)
>
> The important part is that the user's personal information is never
> transmitted insecurely, while the amount of information that is
> transmitted securely is kept to a minimum.
> This seems like a relatively common problem, so I would appreciate any help.
>
> Thanks for your time,
>
> Alec Munro
> EOA Scientific Systems
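
Steps 1 and 2 of the reply above, as an added Python example that is not from the original thread: X issues an HMAC-signed, expiring, single-use token bound to the cart id, and Y checks it before fetching the cart. The shared key, the token layout, and the names `issue_token` and `HandoffVerifier` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: X and Y share this key out of band. Constructed sample value.
SHARED_KEY = b"constructed-demo-key-replace-me"
TOKEN_TTL = 300  # seconds a handoff token stays valid (assumed policy)

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(cart_id, key=SHARED_KEY, now=None):
    """Server X (step 1): bind the cart id to an expiry and a random nonce."""
    now = time.time() if now is None else now
    payload = json.dumps({"cart": cart_id, "exp": int(now) + TOKEN_TTL,
                          "nonce": secrets.token_hex(16)}).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

class HandoffVerifier:
    """Server Y (step 2): accept a token only if authentic, fresh and unused."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen = set()  # redeemed nonces; in-memory for this example

    def redeem(self, token, now=None):
        """Return the cart id, or None if the token must be rejected."""
        now = time.time() if now is None else now
        try:
            body, tag = token.split(".")
            payload, given = b64d(body), b64d(tag)
        except ValueError:
            return None  # malformed token
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, given):
            return None  # forged or altered in transit
        claims = json.loads(payload)  # parsed only after the MAC checks out
        if now > claims["exp"] or claims["nonce"] in self.seen:
            return None  # expired, or replayed from a captured URL
        self.seen.add(claims["nonce"])
        return claims["cart"]
```

Because the client first carries the token over the non-SSL site, Y should treat it only as a pointer to the cart and still fetch cart contents from X over the secure channel, as in step 3.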