LOL - you're right - I don't want that answer.
Dave
----- Original Message -----
From: "Jim McAtee" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, November 01, 2000 1:04 PM
Subject: Re: Link from SSL to non-SSL
Here's the answer you don't want: Get a certificate for the (currently
non-secure) domain url. That way, you never have to leave the server you're
on to conduct secure transactions and you don't have to worry about passing
session variables between servers.
Jim
----- Original Message -----
From: "Dave Hannum" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, November 01, 2000 10:54 AM
Subject: OT: Link from SSL to non-SSL
> Hello,
>
> I have an application that uses session variables. To produce the final
> report, the application goes through SSL (to protect social security
> numbers, passwords, etc). When I enter the Secure server, I pass
variables
> via URL to the secure app to reproduce the session variables that had been
> produced previously in the non secure side. When the report is completed,
I
> clear the session variables in the secure side. Fine. Now, when I come
> back to the non-secure side of the app, the session variables there are
> still in tact. So, I put a url variable in the link that triggers the
> non-secure side to clear the session variables there when I come back in.
> This works fine except that I get the warning message pop-up when I click
> the link in the secure side to leave. The warning is that I'm headed from
> secure to unsecure and that the info I'm trying to pass will not be
secure.
> This message makes the users nervous. How can I avoid this, and still be
> able to clear the session variables on the non secure side. I've tried
> using the HTTP_REFERER to see where I'm coming from, and clear it that
way,
> but the secure server does not set the HTTP_REFERER environmental
variable,
> so that won't work. I've tried CFHTTP to call the clearing script before
I
> leave the secure side, but that does not work because (I believe) without
me
> actually being on the non-secure side, it can't find the session variables
> it needs. Any ideas?
>
> Thanks,
> Dave
>
>
> =================================
> "What we need is a list of specific unknown problems we will encounter"
>
> David Hannum
> Web Analyst/Programmer
> Ohio University
> [EMAIL PROTECTED]
> (740) 597-2524
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]