Forum Discussion

Brian_69413's avatar
Brian_69413
Icon for Nimbostratus rankNimbostratus
Sep 22, 2011

SSL vs Non-SSL portions of the a website

How do you folks handle SSL(protected) vs non-SSL(public) content on a website while holding persistence for authed users.     We have a site where visitors can log in to view customized content...
config
design
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Sep 26, 2011
What the session cookie does for you depends on whether it's set for persistence within a VS only, across a service, across VS's, or across pools...

 

 

A normal session cookie (NO matching) will be ignored by a second VS with a different pool.

 

 

A persistence across services will ensure that the same pool behind two VS's with the same IP wil hold persistence for a client (i.e. client will hit the same poolmember for :80 and:443 on site.com).

 

 

A persistence across VS's will ensure that my1.site.com:80 and my2site.com:443 will hold persistence for a client.

 

 

A persistence across pools will ensure that even if the pools are different...

 

 

Note that the membership of the default pool in this instance isn't checked... So it could lead to a security hole in your site if you don't encrypt the cookie...

 

 

H