sessions between http and https

Andy5 · August 12, 2009, 2:38am

I have an online store I created and I've been saving a "shopping_cart_id" in the session which references a data object.

I added "ssl_requirement" to the site and I put the Order Summary, Checkout, and Confirm pages behind SSL. The only problem is that the Order Summary page needs that session from "http" to access the shopping cart data.

Is there a way to persist the session between http and https?

Or should I simply put all shopping cart actions behind SSL?

Or can I use "active_record_store" to solve my problems?

Any advice would be much appreciated.

Thanks, Andy

Bill_Walton1 · August 12, 2009, 3:05am

Yes.

Andy5 · August 12, 2009, 12:10pm

I switched to active_record_store and I took my shopping cart out from behind SSL.

I'm creating session[:shopping_cart_id] WITHOUT SSL

But when I try to access session[:shopping_cart_id], I'm getting an error.

Any ideas?

Andy5 · August 12, 2009, 12:21pm

After a little digging, I discovered that if I have the page with the form to ADD to the shopping cart NON-SSL, and I submit a form to an SSL page, I lose the form data.

Given that, I MUST put my shopping cart on a NON-SSL page...

But I still don't know how to persist the shopping cart between HTTP AND HTTPS.

Any ideas?

Andy5 · August 14, 2009, 12:23pm

Any ideas anyone?

Can I access the session between SSL and non-SSL?

Thanks, Andy

11175 · August 14, 2009, 12:46pm

Andy wrote:

Any ideas anyone?

Can I access the session between SSL and non-SSL?

Thanks, Andy

If you get no help from here, you should go ask on freenode's rubyonrails channel.. There's a couple of really competent rails guys there who are usually quite helpful.