Secure Redirectors

From XOMBO Documentation

If you want to require the request be handled by HTTPS (SSL encryption) you can create a simple redirect view. Redirect views inherit the same permissions as the view they're operating on behalf. The Redirect and the Destination must both be the same class name. Name the operative code for your view with the extension .https.php. To create the redirector, make a copy of “makesecure.view.php” and rename the class to be the same.

The same is true in reverse with makeinsecure.https.php. Simply name your operative code .view.php.

This system works by creating a temporary token associated with the user account and vendor. The token is passed the secure server and redeemed. Once redeemed the token becomes invalid and can no longer be used to assume control over a user's session. Once the secure data transactions are complete, XOMBO Platform will return the user and session back to the non- secure site, transparently. Site themes and styles are carried into the secure site with no additional configuration required.

This mechanism allows servers hosting services for multiple vendors to use a single SSL certificate to provide secured service for its users. When the user is directed to the secure site, their token provides sufficient information to import and display the theme consistent with the referring service.