[Zope] Sharing session information between domains
Dylan Reinhardt
zope@dylanreinhardt.com
24 Jun 2003 15:14:07 -0700
Ah... yes. Huge difference. Much easier.
In this case, all I would suspect you need is a way of recognizing that
the cookie produced by one domain should be linked to the cookie that
was produced by another.
Probably the easiest way to do this is to include content from both
domains in one crucial page, such as the shopping cart view page. When
that page is loaded, you can set matching domain-specific cookies that
will enable you to follow the client across domains.
Dylan
On Tue, 2003-06-24 at 14:05, Alec Munro wrote:
> I realize that I forgot to mention that both the SSL and non sites are
> running off of the same Zope instance, on the same machine. I imagine
> your solution would probably still work, but I was hoping that there
> would be something simpler. Thanks for the advice.
>
> Alec
>
> Dylan Reinhardt wrote:
>
> >I set up something like this that consisted of a two-way secure
> >conversation. If we label the public server X and the secure server Y:
> >
> >1. X prepares Y for client, shares some kind of token and/or cart id.
> >2. Client visits Y using specially constructed URL, token, etc.
> >3. Y retrieves cart securely from X each time data is needed.
> >4. Billing data entered into Y stays on Y
> >5. Y SSL-posts to X which items to mark as purchased.
> >
> >There are probably other ways to do this, but the above can be
> >implemented pretty easily with external methods and a crypto library.
> >
> >HTH,
> >
> >Dylan
> >
> >
> >
> >On Tue, 2003-06-24 at 11:28, Alec Munro wrote:
> >
> >
> >>Hi all,
> >>
> >>I have what I'm sure is the common predicament of having an SSL site
> >>with a different domain than the non-SSL site. In fact, I have several
> >>domains utilizing the same domain for SSL transactions. I need to figure
> >>out a way of sharing session information between two domains, such that
> >>the user can move relatively freely between the domains without losing
> >>any information.
> >>Just for an example of how this needs to work:
> >>
> >>user comes to site (session created, insecure)
> >>user adds product to shopping cart (insecure)
> >>user checks out (goes to secure site)
> >>user inputs payment info (secure)
> >>user remembers he forgot something, goes back to catalogue (insecure)
> >>user add another product to cart (insecure)
> >>user checks out, payment information already input (secure)
> >>user submits order (secure)
> >>
> >>The important part is that the users personal information is never
> >>transmitted insecurely, while the amount of information that is
> >>transmitted securely is kept to a minimum.
> >>This seems like a relatively common problem, so I would appreciate any help.
> >>
> >>Thanks for your time,
> >>
> >>Alec Munro
> >>EOA Scientific Systems
> >>
> >>
> >>
> >>_______________________________________________
> >>Zope maillist - Zope@zope.org
> >>http://mail.zope.org/mailman/listinfo/zope
> >>** No cross posts or HTML encoding! **
> >>(Related lists -
> >> http://mail.zope.org/mailman/listinfo/zope-announce
> >> http://mail.zope.org/mailman/listinfo/zope-dev )
> >>
> >>
> >
> >
> >
>
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )