Thanks for the info Dave. I didn't know the bit about load balancers hosting the certs. I'll have to ask our hosting company about the specific set up of our balancer.
>From my research, it seems that load balancers can use one (or more?) of the following methods to to determine which server should receive a request: 1) IP address of client 2) cookie 3) URL 4) SSL session id I don't know how my load balancer is configured yet (other than it is supposedly NOT using IP). If my LB is NOT hosting the secure cert, I'm actually having difficulty figuring out HOW it would track sessions correctly at the point when my user hit their first secure page after surfing the non-secure portion of the site. That very first secure request could potentially come across from an unknown IP with no identifiable cookies and a brand new SSL session id. The url and query string would also be encrypted too wouldn't it? I can't see how the load balancer would be able to recognize you unless it was hosting the cert, or unless there is some other way for the LB to decrypt the request. Perhaps someone could explain it to me since the inner workings of secure certs and LBs are sort of new to me. ~Brad > 3) Aren't cookies encrypted over SSL anyway-- so how > would my load balancer even see the cookies in the > request? Yes, cookies, like every other part of the HTTP request and response, are encrypted over SSL. However, most load balancers can host SSL certificates, so that the connection between the client and the load balancer is over SSL, but the connection between the load balancer and your web servers would be unencrypted. This has several advantages over using certificates on the individual web servers. In this case, of course, the load balancer could inject cookies into the request or response as appropriate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319825 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
