[ic] Session problem on separate SSL server
Mike Heins
mike at perusion.com
Fri Feb 12 14:47:21 UTC 2010
Quoting Rick Bragg (lists at gmnet.net):
> On Fri, 2010-02-12 at 02:15 -0500, Rick Bragg wrote:
> > On Thu, 2010-02-11 at 22:33 -0700, Jon Jensen wrote:
> > > On Thu, 11 Feb 2010, Rick Bragg wrote:
> > >
> > > > I have read up on this and thought I had everything right, but my
> > > > sessions are not carried over between my http and https servers.
> > > >
> > > > http://www.snowshoesvt.com
> > > > https://www.northstarsportsvt.com/snowshoesvt/
> > > >
> > > > In my catalog config, I have the following:
> > > > WideOpen 1
> > > > CookieDomain __COOKIE_DOMAIN__
> > > > And in my variables.txt I have:
> > > > COOKIE_DOMAIN .northstarsportsvt.com .snowshoesvt.com
> > > >
> > > > What else am I missing? How can I get these two domains to share a
> > > > session?
> > >
> > > What does the link or form look like when you're crossing the divide? It
> > > will have to have mv_session_id in the URL or the POST, because the
> > > session cookie won't cross the domains.
> > >
> > > Jon
> >
> > Ah, no sessionID in the URL. I thought there was some way to cross the
> > cookie... Is there really no way?
> >
> > Rick
> >
>
> Oh right, of course browser's won't share cookies across domains, (meany
> browsers! Nobody taught then to share!) I guess my question is this: Is
> there a way to insure that the session ID is passed via the URL or POST
> methods whenever the divide is crossed until the cookies are set to the
> same ID in both domains?
I think I had a "tips and tricks" on that one.
The best way is to make sure your order links are secure. Then it
doesn't matter so much.
AlwaysSecure order ord/ process query
And put an explicit secure=1 on order link generation.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.328.4479 <mike at perusion.com>
The sun, with all those planets revolving around it and
dependent on it, can still ripen a bunch of grapes as if
it had nothing else in the universe to do. -- Galileo
More information about the interchange-users
mailing list