Here's one possible way.

Prior to going to your secured site, write all session variables necessary
to a database.  Delete the session variables and pass only the Record ID to
the secured site.  When in the secured site load the variables into your
session and delete the row in the table.

-----Original Message-----
From: Jim McAtee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 01, 2000 10:05 AM
To: CF-Talk
Subject: Re: Link from SSL to non-SSL


Here's the answer you don't want:  Get a certificate for the (currently
non-secure) domain url.  That way, you never have to leave the server you're
on to conduct secure transactions and you don't have to worry about passing
session variables between servers.

Jim


----- Original Message -----
From: "Dave Hannum" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, November 01, 2000 10:54 AM
Subject: OT: Link from SSL to non-SSL


> Hello,
>
> I have an application that uses session variables.  To produce the final
> report, the application goes through SSL (to protect social security
> numbers, passwords, etc).  When I enter the Secure server, I pass variables
> via URL to the secure app to reproduce the session variables that had been
> produced previously in the non secure side.  When the report is completed, I
> clear the session variables in the secure side.  Fine.  Now, when I come
> back to the non-secure side of the app, the session variables there are
> still intact.  So, I put a url variable in the link that triggers the
> non-secure side to clear the session variables there when I come back in.
> This works fine except that I get the warning message pop-up when I click
> the link in the secure side to leave.  The warning is that I'm headed from
> secure to unsecure and that the info I'm trying to pass will not be secure.
> This message makes the users nervous.  How can I avoid this, and still be
> able to clear the session variables on the non secure side?  I've tried
> using the HTTP_REFERER to see where I'm coming from, and clear it that way,
> but the secure server does not set the HTTP_REFERER environmental variable,
> so that won't work.  I've tried CFHTTP to call the clearing script before I
> leave the secure side, but that does not work because (I believe) without me
> actually being on the non-secure side, it can't find the session variables
> it needs.  Any ideas?
>
> Thanks,
> Dave
>
>
> =================================
> "What we need is a list of specific unknown problems we will encounter"
>
> David Hannum
> Web Analyst/Programmer
> Ohio University
> [EMAIL PROTECTED]
> (740) 597-2524

------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
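
The handoff described in the top reply (write the session variables to a table, pass only the record ID, load them and delete the row on the secure side), as an added Python/SQLite sketch that is not code from the thread. The `handoff` table, the 60-second expiry and the use of a random token as the record ID are assumptions.

```python
import json
import secrets
import sqlite3
import time

TTL_SECONDS = 60  # assumed lifetime; the post does not specify one


def open_store(path=":memory:"):
    """Create the shared handoff table (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS handoff ("
        "id TEXT PRIMARY KEY, payload TEXT NOT NULL, expires REAL NOT NULL)"
    )
    return db


def stash_session(db, session, now=None):
    """Non-secure side: park the session in the table, then clear it."""
    now = time.time() if now is None else now
    record_id = secrets.token_urlsafe(32)  # unguessable, unlike a sequential row ID
    db.execute(
        "INSERT INTO handoff (id, payload, expires) VALUES (?, ?, ?)",
        (record_id, json.dumps(session), now + TTL_SECONDS),
    )
    db.commit()
    session.clear()
    return record_id  # the only value that travels in the URL


def redeem_session(db, record_id, now=None):
    """Secure side: load the variables and delete the row; None if invalid."""
    now = time.time() if now is None else now
    with db:  # commit on success, roll back on error
        row = db.execute(
            "SELECT payload, expires FROM handoff WHERE id = ?", (record_id,)
        ).fetchone()
        # rowcount tells us whether this call removed the row, so a replayed
        # or concurrently redeemed ID yields nothing
        deleted = db.execute(
            "DELETE FROM handoff WHERE id = ?", (record_id,)
        ).rowcount
    if row is None or deleted != 1 or row[1] < now:
        return None
    return json.loads(row[0])
```

Because the row is deleted on first use, a record ID that shows up in browser history or a proxy log cannot be replayed to reload the session.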

