[Zope] Sharing session information between domains

Alec Munro alec.munro@eoascientific.com
Tue, 24 Jun 2003 15:28:35 -0300

Hi all,

I have what I'm sure is the common predicament of having an SSL site 
with a different domain than the non-SSL site. In fact, I have several 
domains utilizing the same domain for SSL transactions. I need to figure 
out a way of sharing session information between two domains, such that 
the user can move relatively freely between the domains without losing 
any information.
Just for an example of how this needs to work:

user comes to site (session created, insecure)
user adds product to shopping cart (insecure)
user checks out (goes to secure site)
user inputs payment info (secure)
user remembers he forgot something, goes back to catalogue (insecure)
user add another product to cart (insecure)
user checks out, payment information already input (secure)
user submits order (secure)

The important part is that the users personal information is never 
transmitted insecurely, while the amount of information that is 
transmitted securely is kept to a minimum.
This seems like a relatively common problem, so I would appreciate any help.

Thanks for your time,

Alec Munro
EOA Scientific Systems