[Zope] Sharing session information between domains

Alec Munro alec.munro@eoascientific.com
Tue, 24 Jun 2003 18:05:40 -0300


I realize that I forgot to mention that both the SSL and non-SSL sites are 
running off of the same Zope instance, on the same machine. I imagine 
your solution would probably still work, but I was hoping that there 
would be something simpler. Thanks for the advice.

Alec

Dylan Reinhardt wrote:

>I set up something like this that consisted of a two-way secure
>conversation.  If we label the public server X and the secure server Y:
>
>1. X prepares Y for client, shares some kind of token and/or cart id.
>2. Client visits Y using specially constructed URL, token, etc.
>3. Y retrieves cart securely from X each time data is needed.
>4. Billing data entered into Y stays on Y.
>5. Y SSL-posts to X which items to mark as purchased.
>
>There are probably other ways to do this, but the above can be
>implemented pretty easily with external methods and a crypto library.
>
>HTH,
>
>Dylan
>
>
>
>On Tue, 2003-06-24 at 11:28, Alec Munro wrote:
>  
>
>>Hi all,
>>
>>I have what I'm sure is the common predicament of having an SSL site 
>>with a different domain than the non-SSL site. In fact, I have several 
>>domains utilizing the same domain for SSL transactions. I need to figure 
>>out a way of sharing session information between two domains, such that 
>>the user can move relatively freely between the domains without losing 
>>any information.
>>Just for an example of how this needs to work:
>>
>>user comes to site (session created, insecure)
>>user adds product to shopping cart (insecure)
>>user checks out (goes to secure site)
>>user inputs payment info (secure)
>>user remembers he forgot something, goes back to catalogue (insecure)
>>user adds another product to cart (insecure)
>>user checks out, payment information already input (secure)
>>user submits order (secure)
>>
>>The important part is that the user's personal information is never 
>>transmitted insecurely, while the amount of information that is 
>>transmitted securely is kept to a minimum.
>>This seems like a relatively common problem, so I would appreciate any help.
>>
>>Thanks for your time,
>>
>>Alec Munro
>>EOA Scientific Systems
>>
>>
>>
>>_______________________________________________
>>Zope maillist  -  Zope@zope.org
>>http://mail.zope.org/mailman/listinfo/zope
>>**   No cross posts or HTML encoding!  **
>>(Related lists - 
>> http://mail.zope.org/mailman/listinfo/zope-announce
>> http://mail.zope.org/mailman/listinfo/zope-dev )
>>    
>>
>
>  
>
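
Steps 1 and 2 of the scheme quoted above, as an added sketch that is not code from this thread or from Dylan's setup: X issues a short-lived, single-use token bound to the cart id, and Y verifies it before looking up the cart. The shared key, token layout, TTL and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumptions for this sketch: X and Y hold the same key, provisioned out of band.
SHARED_KEY = secrets.token_bytes(32)
TOKEN_TTL = 120          # seconds a handoff URL stays valid (constructed value)
seen_nonces = set()      # Y's replay cache; in-memory for this demo


def b64enc(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_handoff_token(cart_id, now=None):
    """Step 1, on X: bind the cart id to an expiry and a one-time nonce."""
    issued = int(time.time() if now is None else now)
    claims = {"cart": cart_id, "exp": issued + TOKEN_TTL,
              "nonce": secrets.token_hex(16)}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return b64enc(body) + "." + b64enc(tag)


def redeem_handoff_token(token, now=None):
    """Step 2, on Y: return the cart id, or None if the token is rejected."""
    current = time.time() if now is None else now
    try:
        body_part, tag_part = token.split(".")
        body, tag = b64dec(body_part), b64dec(tag_part)
    except ValueError:   # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    claims = json.loads(body)                    # parsed only after the MAC verifies
    if current > claims["exp"] or claims["nonce"] in seen_nonces:
        return None
    seen_nonces.add(claims["nonce"])             # single use: a replayed URL fails
    return claims["cart"]
```

The token carries only the cart id, so nothing personal travels in the handoff URL; billing data stays on Y as in step 4.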