redirected to an HTTPS connection during a checkout process. Basically you
are moving from http://www.foobar.com to https://secure.foobar.com - this
works at present as we have configured the load balancer to correctly
balance the users requests (Port 80 and Port 443) to the same machine,
therefore retaining the users session based on CFID/CFTOKEN which we pass in
the URL.
Recently we tested it on an MX install and found that the sessions are fine
when you are browsing/using the standard HTTP connection but when you are
'redirected' albeit on the same machine the session is lost completely. If
you stay on one connection all the time you are also sweet (i.e. stay or
start on the https connection from start to finish).
Does MX handle this scenario differently than 5? It seems that MX is simple
creating a new Cookie for each domain we visit and is ignoring the
CFID/CFTOKEN passed in the URL to associate the user with the session data
on the server - whereas CF5 would read the CFID/CFTOKEN value and get the
data regardless of the domain.
We obviously have some options - like redeveloping the storage system BUT
we need to know if this is a problem/new issue in MX before.
Any thoughts? If this is a change, was it made to ensure session swapping
could not take place - or at least easily not take place?
(apologies for X-Post as well for those on different lists - trying to find
an answer pronto!)
N
This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s) please note
that any form of distribution, copying or use of this communication or the
information in it is strictly prohibited and may be unlawful. If you have
received this communication in error please return it to the sender or call
our switchboard on +44 (0) 20 89107910. The opinions expressed within this
communication are not necessarily those expressed by Reed Exhibitions.
Visit our website at http://www.reedexpo.com
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
