Maintaining state between 2 domains

I'm writing a web site for a friend. The site is going to have to
consist of two ASP.NET applications: one running over HTTP and one
over HTTPS. The problem is that the domains will be different, so how
do I maintain state between the public area (http://www.mydomain.com)
and the secure area (https://secure.myisp.com/mydomain)?

What I'm trying to achieve here is for the site user to login to the
site in the secure area, and then have a GUID that identifies the
user's "session" that can be accessed by pages from either
application. When I've done this in the past I've just stored a value
in a cookie, but that's always been on sites where both applications
are on the same domain - that's not the case this time.

Any suggestions?

Any help will be gratefully received.

Pete

re: Maintaining state between 2 domains

About the only way I can think of accomplishing this is to have a gateway
page on each of the domains that passes the session var's back and forth. As
your clients move from one domain to the next, you would need to force them
thru the appropriate gateway page. For example:

------------------------
Link from non-secure to secure:
------------------------
<a href='https://secure.myisp.com/mydomain/gateway.aspx?var1=a&var2=b'>Click
here for secure access</a>

https://secure.myisp.com/mydomain/gateway.aspx would contain the following
code:

session("var1")=request("var1")
session("var2")=request("var1")
response.redirect "default.aspx"

------------------------
Link from secure to non-secure:
------------------------
<a href='http://www.mydomain.com/gateway.aspx?var1=a&var2=b'>Click here for
non-secure access</a>

http://www.mydomain.com/gateway.aspx would contain the following code:

session("var1")=request("var1")
session("var2")=request("var1")
response.redirect "default.aspx"

Hope this helps..... Rich

"Pete" wrote:
[color=blue]
> I'm writing a web site for a friend. The site is going to have to
> consist of two ASP.NET applications: one running over HTTP and one
> over HTTPS. The problem is that the domains will be different, so how
> do I maintain state between the public area (http://www.mydomain.com)
> and the secure area (https://secure.myisp.com/mydomain)?
>
> What I'm trying to achieve here is for the site user to login to the
> site in the secure area, and then have a GUID that identifies the
> user's "session" that can be accessed by pages from either
> application. When I've done this in the past I've just stored a value
> in a cookie, but that's always been on sites where both applications
> are on the same domain - that's not the case this time.
>
> Any suggestions?
>
> Any help will be gratefully received.
>
> Pete
>[/color]

re: Maintaining state between 2 domains

I was hoping there might have been a slightly more "invisible" solution
in .NET, but this one looks pretty tidy so I'll give it a go.

Thanks for your help,

Pete

Rich wrote:[color=blue]
> About the only way I can think of accomplishing this is to have a[/color]
gateway[color=blue]
> page on each of the domains that passes the session var's back and[/color]
forth. As[color=blue]
> your clients move from one domain to the next, you would need to[/color]
force them[color=blue]
> thru the appropriate gateway page. For example:
>
> ------------------------
> Link from non-secure to secure:
> ------------------------
> <a[/color]
href='https://secure.myisp.com/mydomain/gateway.aspx?var1=a&var2=b'>Click
[color=blue]
> here for secure access</a>
>
> https://secure.myisp.com/mydomain/gateway.aspx would contain the[/color]
following[color=blue]
> code:
>
> session("var1")=request("var1")
> session("var2")=request("var1")
> response.redirect "default.aspx"
>
> ------------------------
> Link from secure to non-secure:
> ------------------------
> <a href='http://www.mydomain.com/gateway.aspx?var1=a&var2=b'>Click[/color]
here for[color=blue]
> non-secure access</a>
>
> http://www.mydomain.com/gateway.aspx would contain the following[/color]
code:[color=blue]
>
> session("var1")=request("var1")
> session("var2")=request("var1")
> response.redirect "default.aspx"
>
> Hope this helps..... Rich
>
> "Pete" wrote:
>[color=green]
> > I'm writing a web site for a friend. The site is going to have to
> > consist of two ASP.NET applications: one running over HTTP and one
> > over HTTPS. The problem is that the domains will be different, so[/color][/color]
how[color=blue][color=green]
> > do I maintain state between the public area[/color][/color]
(http://www.mydomain.com)[color=blue][color=green]
> > and the secure area (https://secure.myisp.com/mydomain)?
> >
> > What I'm trying to achieve here is for the site user to login to[/color][/color]
the[color=blue][color=green]
> > site in the secure area, and then have a GUID that identifies the
> > user's "session" that can be accessed by pages from either
> > application. When I've done this in the past I've just stored a[/color][/color]
value[color=blue][color=green]
> > in a cookie, but that's always been on sites where both[/color][/color]
applications[color=blue][color=green]
> > are on the same domain - that's not the case this time.
> >
> > Any suggestions?
> >
> > Any help will be gratefully received.
> >
> > Pete
> >[/color][/color]