With our CMS / CRM application, we are looking at moving from a reliance on
client variables towards more reliance on session variables, including as it
relates to logins. One challenging scenario happens when a client is using
SSL for ecommerce transactions. If a user logs in, using session variables
for persistence, then goes to a page that is not in https and then goes to a
page (e.g. an ecommerce screen) that uses https, sessions are dumped when
the site goes into https and the login can be lost.

We are probably going to solve that problem by just requiring the whole site
to go into https. However, I wanted to know if there are other good ways to

We have solved that kind of problem in a related scenario (with attribute
scoped variables that need to survive https) by using WDDX to store
variables in the client scope and then get them back from there after moving
into https. That has worked pretty well, but feels a bit complex.

As we look at expanding our use of sessions, it seems like a good time to
look at other options. So, are there other or better ways to keep session
variables alive when a logged-in user goes to an https encrypted page?