Sessions between http and https

andy · August 12, 2009, 4:39am

I have an online store I created and I’ve been saving a
“shopping_cart_id” in the session which references a data object.

I added “ssl_requirement” to the site and I put the Order Summary,
Checkout, and Confirm pages behind SSL. The only problem is that the
Order Summary page needs that session from “http” to access the
shopping cart data.

Is there a way to persist the session between http and https?

Or should I simply put all shopping cart actions behind SSL?

Or can I use “active_record_store” to solve my problems?

Any advice would be much appreciated.

Thanks,
Andy

andy · August 12, 2009, 5:06am

On Tue, 2009-08-11 at 19:38 -0700, Andy wrote:

Or can I use “active_record_store” to solve my problems?

Yes.

andy · August 12, 2009, 2:11pm

I switched to active_record_store and I took my shopping cart out from
behind SSL.

I’m creating session[:shopping_cart_id] WITHOUT SSL

But when I try to access session[:shopping_cart_id], I’m getting an
error.

Any ideas?

andy · August 12, 2009, 2:22pm

After a little digging, I discovered that if I have the page with the
form to ADD to the shopping cart NON-SSL, and I submit a form to an
SSL page, I lose the form data.

Given that, I MUST put my shopping cart on a NON-SSL page…

But I still don’t know how to persist the shopping cart between HTTP
AND HTTPS.

Any ideas?

andy · August 14, 2009, 2:24pm

Any ideas anyone?

Can I access the session between SSL and non-SSL?

Thanks,
Andy

andy · August 14, 2009, 2:46pm

Andy wrote:

Any ideas anyone?

Can I access the session between SSL and non-SSL?

Thanks,
Andy

If you get no help from here, you should go ask on freenode’s
rubyonrails channel… There’s a couple of really competent rails guys
there who are usually quite helpful.