Re: OT: Link from SSL to non-SSL

Wed, 01 Nov 2000 10:50:06 -0800 

How about using client variables in a database instead of session
variables?  Those work great across servers.

Steve Nelson

Dave Hannum wrote:
> 
> Hello,
> 
> I have an application that uses session variables.  To produce the final
> report, the application goes through SSL (to protect social security
> numbers, passwords, etc).  When I enter the Secure server, I pass variables
> via URL to the secure app to reproduce the session variables that had been
> produced previously in the non secure side.  When the report is completed, I
> clear the session variables in the secure side.  Fine.  Now, when I come
> back to the non-secure side of the app, the session variables there are
> still in tact.  So, I put a url variable in the link that triggers the
> non-secure side to clear the session variables there when I come back in.
> This works fine except that I get the warning message pop-up when I click
> the link in the secure side to leave.  The warning is that I'm headed from
> secure to unsecure and that the info I'm trying to pass will not be secure.
> This message makes the users nervous.  How can I avoid this, and still be
> able to clear the session variables on the non secure side.  I've tried
> using the HTTP_REFERER to see where I'm coming from, and clear it that way,
> but the secure server does not set the HTTP_REFERER environmental variable,
> so that won't work.  I've tried CFHTTP to call the clearing script before I
> leave the secure side, but that does not work because (I believe) without me
> actually being on the non-secure side, it can't find the session variables
> it needs.  Any ideas?
> 
> Thanks,
> Dave
> 
> =================================
> "What we need is a list of specific unknown problems we will encounter"
> 
> David Hannum
> Web Analyst/Programmer
> Ohio University
> [EMAIL PROTECTED]
> (740) 597-2524
> 
> 
>------------------------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message 
>with 'unsubscribe' in the body to [EMAIL PROTECTED]

-- 
Steve Nelson
http://www.SecretAgents.com
Tools for Fusebox Developers
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message 
with 'unsubscribe' in the body to [EMAIL PROTECTED]

Reply via email to