your WDDX method has always worked well for me too, and I have used the same method for saving sessions as well. Just dump the entire session scope to WDDX and save it to the users record between page loads, then load it back it in later, such as after login or when switching to https.
On Tue, May 15, 2012 at 7:54 PM, Andrew Scott <andr...@andyscott.id.au>wrote: > > As you would be aware going from non SSL to SSL will be seen as a new > session by the browser, the one thing that you would need to do is remember > to keep your session variables to a minimum. The more you keep in here the > more it may end up costing you. > > What I mean by that is that you will need to way up the cost of growing in > relation to how much memory you waste to a user being connected, the more > users the more memory. Which means that in time you may find yourself > having to go to more servers (clustered) quicker than you may need too. > > Now you may not be in a situation where that is going to affect you, but > you should take that into consideration when deciding your longer plan for > the life of your application. > > > -- > Regards, > Andrew Scott > WebSite: http://www.andyscott.id.au/ > Google+: http://plus.google.com/108193156965451149543 > > > > On Wed, May 16, 2012 at 4:43 AM, Nick Gleason <n.glea...@citysoft.com > >wrote: > > > > > Hi folks, > > > > > > > > With our CMS / CRM application, we are looking at moving from a reliance > on > > client variables towards more reliance on session variables, including as > > it > > relates to logins. One challenging scenario happens when a client is > using > > SSL for ecommerce transactions. If a user logs in, using session > variables > > for persistence, then goes to a page that is not in https and then goes > to > > a > > page (e.g. an ecommerce screen) that uses https, sessions are dumped when > > the site goes into https and the login can be lost. > > > > > > > > We are probably going to solve that problem by just requiring the whole > > site > > to go into https. However, I wanted to know if there are other good ways > > to > > solve this. > > > > > > > > We have solved that kind of problem in a related scenario (with attribute > > scoped variables that need to survive https) by using wddx to store > > variables in the client scope and then get them back from there after > > moving > > into https. That has worked pretty well, but feels a bit complex. > > > > > > > > As we look at expanding our use of sessions, it seems like a good time to > > look at other options. So, are there other or better ways to keep > session > > variables alive when a logged in user goes to an https encrypted page? > > > > > > > > Thanks in advance, > > > > > > > > Nick > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351174 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
