473,233 Members | 1,470 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,233 software developers and data experts.

how to keep cookies or sessions between 2 sites?

Hello,

I have 2 separate web sites on 2 different boxes

www.xyz.com on box 1
www2.xyz.com on box 2

Users log into box 1 via regular ASP/Database authentication, and I keep a
session variable to mark authenticated users.

There's a link that would send users to box #2 at www2.xyz.com. How do I
check whether these users are authenticated or not? I do not want to present
a login screen again. Is it possible? If so, what are ways to do it, if not
session/cookies?

Thanks!

HH
Jul 19 '05 #1
5 3505
Dont believe so.
Best I could suggest is pass it as a hidden form field or in a DB

--
----------------------------------------------------------
Curt Christianson (Software_AT_Darkfalz.Com)
Owner/Lead Designer, DF-Software
http://www.Darkfalz.com
---------------------------------------------------------
...Offering free scripts & code snippits for everyone...
---------------------------------------------------------
"Hung Huynh" <hu***@wi.rr.com> wrote in message
news:uR**************@TK2MSFTNGP09.phx.gbl...
Hello,

I have 2 separate web sites on 2 different boxes

www.xyz.com on box 1
www2.xyz.com on box 2

Users log into box 1 via regular ASP/Database authentication, and I keep a
session variable to mark authenticated users.

There's a link that would send users to box #2 at www2.xyz.com. How do I
check whether these users are authenticated or not? I do not want to present a login screen again. Is it possible? If so, what are ways to do it, if not session/cookies?

Thanks!

HH

Jul 19 '05 #2
Assuming that both boxes have access to the same database, you can use some
text, number, or GUID that uniquely identifies the user's session. When the
user is authenticated against your database through Site 1, store this
identifier in the database and return it to the page which will transfer to
Site 2. The hidden form field suggested by Curt is a good way to do it, as
is encoding it in a query string.

Since I'm not sure I've concisely demonstrated my command of the English
language, here's a walk-through example.

1. User visits www.xyz.com (Site 1) and enters login information.
--> Your script or stored procedure compares login information to the
database.
--> The login info matches, so the script or stored procedure generates the
unique session id 12345678-9012-3456-7890-123456789012
--> The unique id is stored in the database and returned to your ASP script.

2. Your ASP script rolls this unique id into a hidden form field or
hyperlink, such as
<A HREF="http://www2.xyz.com/transfer.asp?UniqueSessionID=<%=
UniqueSessionID %>">Transfer!</A>
-- or --
<FORM NAME="formTransfer" ACTION="http://www2.xyz.com/transfer.asp"
METHOD="POST">
<INPUT TYPE="hidden" NAME="UniqueSessionID" VALUE="<%=
UniqueSessionID %>">
<INPUT TYPE="submit" VALUE="Transfer!">
</FORM>

3. The user clicks the link or submits the form, which takes them to
www2.xyz.com (Site 2).
--> The ASP script "transfer.asp" reads
Request.Querystring("UniqueSessionID") [or Request.Form("UniqueSessionID")
--> The ASP script looks for a matching record in the database for an
authenticated user with UniqueSessionID
--> A match is found, and any permissions/credentials/other pertinent
information is loaded from the database (not from cookies or Session
variables)

3. The user browses around Site 2.

4. The user logs out of Site 2 (or the session times out).
--> In your logout script and/or Session_OnEnd event, you include code to
clear out the UniqueSessionID from the database, indicating that the session
is no longer active.
A couple of final thoughts and notes:
- This is not a 100% hackproof solution, but it should work pretty well for
your needs, especially if the only thing you pass between servers is the
UniqueSessionID and the UniqueSessionID expires when the user logs off.
- Although you're certainly free to write extra code to come up with a
unique or semi-unique session id, there's no reason you can't use the
SessionID property for this particular application. You don't need the id
to be unique across days or years, you only need to identify the
authenticated user during the jump between domains.
- For that matter, if the user is not likely to ever go
Site1-->Site2-->Site1, there's really no need to persist the id in the
database after the initial transfer. You could delete it immediately and
increase security (because it would prevent anyone else from using that id
to connect to Site 2).

That's all I've got for now, though it can certainly be refined. Hope it
helps!

--Boris

"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:uL**************@tk2msftngp13.phx.gbl...
Dont believe so.
Best I could suggest is pass it as a hidden form field or in a DB

--
----------------------------------------------------------
Curt Christianson (Software_AT_Darkfalz.Com)
Owner/Lead Designer, DF-Software
http://www.Darkfalz.com
---------------------------------------------------------
..Offering free scripts & code snippits for everyone...
---------------------------------------------------------
"Hung Huynh" <hu***@wi.rr.com> wrote in message
news:uR**************@TK2MSFTNGP09.phx.gbl...
Hello,

I have 2 separate web sites on 2 different boxes

www.xyz.com on box 1
www2.xyz.com on box 2

Users log into box 1 via regular ASP/Database authentication, and I keep a session variable to mark authenticated users.

There's a link that would send users to box #2 at www2.xyz.com. How do I
check whether these users are authenticated or not? I do not want to

present
a login screen again. Is it possible? If so, what are ways to do it, if

not
session/cookies?

Thanks!

HH


Jul 19 '05 #3
Thanks Curt and Boris for a detailed walk-through. I prefer capturing ID in
database table rather than passing it via hidden form field for security
reason. I may even incorporate some sort of time limit between the transfer.
I like Boris's suggestion of deleting ID from table right away after the
transfer, since I can create a new session var with this ID at site2, and
this should persist.

Once again, thank you both.

HH

"Boris Nikolaevich" <bo***@nikolaevich.mailshell.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Assuming that both boxes have access to the same database, you can use some text, number, or GUID that uniquely identifies the user's session. When the user is authenticated against your database through Site 1, store this
identifier in the database and return it to the page which will transfer to Site 2. The hidden form field suggested by Curt is a good way to do it, as is encoding it in a query string.

Since I'm not sure I've concisely demonstrated my command of the English
language, here's a walk-through example.

1. User visits www.xyz.com (Site 1) and enters login information.
--> Your script or stored procedure compares login information to the
database.
--> The login info matches, so the script or stored procedure generates the unique session id 12345678-9012-3456-7890-123456789012
--> The unique id is stored in the database and returned to your ASP script.
2. Your ASP script rolls this unique id into a hidden form field or
hyperlink, such as
<A HREF="http://www2.xyz.com/transfer.asp?UniqueSessionID=<%=
UniqueSessionID %>">Transfer!</A>
-- or --
<FORM NAME="formTransfer" ACTION="http://www2.xyz.com/transfer.asp"
METHOD="POST">
<INPUT TYPE="hidden" NAME="UniqueSessionID" VALUE="<%=
UniqueSessionID %>">
<INPUT TYPE="submit" VALUE="Transfer!">
</FORM>

3. The user clicks the link or submits the form, which takes them to
www2.xyz.com (Site 2).
--> The ASP script "transfer.asp" reads
Request.Querystring("UniqueSessionID") [or Request.Form("UniqueSessionID")
--> The ASP script looks for a matching record in the database for an
authenticated user with UniqueSessionID
--> A match is found, and any permissions/credentials/other pertinent
information is loaded from the database (not from cookies or Session
variables)

3. The user browses around Site 2.

4. The user logs out of Site 2 (or the session times out).
--> In your logout script and/or Session_OnEnd event, you include code to
clear out the UniqueSessionID from the database, indicating that the session is no longer active.
A couple of final thoughts and notes:
- This is not a 100% hackproof solution, but it should work pretty well for your needs, especially if the only thing you pass between servers is the
UniqueSessionID and the UniqueSessionID expires when the user logs off.
- Although you're certainly free to write extra code to come up with a
unique or semi-unique session id, there's no reason you can't use the
SessionID property for this particular application. You don't need the id
to be unique across days or years, you only need to identify the
authenticated user during the jump between domains.
- For that matter, if the user is not likely to ever go
Site1-->Site2-->Site1, there's really no need to persist the id in the
database after the initial transfer. You could delete it immediately and
increase security (because it would prevent anyone else from using that id
to connect to Site 2).

That's all I've got for now, though it can certainly be refined. Hope it
helps!

--Boris

"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:uL**************@tk2msftngp13.phx.gbl...
Dont believe so.
Best I could suggest is pass it as a hidden form field or in a DB

--
----------------------------------------------------------
Curt Christianson (Software_AT_Darkfalz.Com)
Owner/Lead Designer, DF-Software
http://www.Darkfalz.com
---------------------------------------------------------
..Offering free scripts & code snippits for everyone...
---------------------------------------------------------
"Hung Huynh" <hu***@wi.rr.com> wrote in message
news:uR**************@TK2MSFTNGP09.phx.gbl...
Hello,

I have 2 separate web sites on 2 different boxes

www.xyz.com on box 1
www2.xyz.com on box 2

Users log into box 1 via regular ASP/Database authentication, and I keep
a
session variable to mark authenticated users.

There's a link that would send users to box #2 at www2.xyz.com. How do
I check whether these users are authenticated or not? I do not want to

present
a login screen again. Is it possible? If so, what are ways to do it,

if not
session/cookies?

Thanks!

HH



Jul 19 '05 #4
Hi,

I might be missing something here - ASP session state certainly won't
fly between different boxes, but you can persist 'normal cookies'
between boxes on the same domain.

so.. depending on your scheme for authenticating, you could throw a
cookie on box1 with (syntax a bit rusty) a 'domain' property of
'xyz.com', and you would be able to read this OK on box 2. I guess
you could store the 'REMOTE_USER' server variable or a 'session id' or
something similar - not a password of course!!

The other answers about global 'session state' also make a lot of
sense and is how I normally tend to do it (you can't necessarily
assume that people have cookies switched on).

HTH

Matt Simner

"Hung Huynh" <hu***@wi.rr.com> wrote in message news:<uR**************@TK2MSFTNGP09.phx.gbl>...
Hello,

I have 2 separate web sites on 2 different boxes

www.xyz.com on box 1
www2.xyz.com on box 2

Users log into box 1 via regular ASP/Database authentication, and I keep a
session variable to mark authenticated users.

There's a link that would send users to box #2 at www2.xyz.com. How do I
check whether these users are authenticated or not? I do not want to present
a login screen again. Is it possible? If so, what are ways to do it, if not
session/cookies?

Thanks!

HH

Jul 19 '05 #5
there are some free com objects that handle this

"Matt Simner" <ma*********@hotmail.com> wrote in message
news:6d**************************@posting.google.c om...
Hi,

I might be missing something here - ASP session state certainly won't
fly between different boxes, but you can persist 'normal cookies'
between boxes on the same domain.

so.. depending on your scheme for authenticating, you could throw a
cookie on box1 with (syntax a bit rusty) a 'domain' property of
'xyz.com', and you would be able to read this OK on box 2. I guess
you could store the 'REMOTE_USER' server variable or a 'session id' or
something similar - not a password of course!!

The other answers about global 'session state' also make a lot of
sense and is how I normally tend to do it (you can't necessarily
assume that people have cookies switched on).

HTH

Matt Simner

"Hung Huynh" <hu***@wi.rr.com> wrote in message

news:<uR**************@TK2MSFTNGP09.phx.gbl>...
Hello,

I have 2 separate web sites on 2 different boxes

www.xyz.com on box 1
www2.xyz.com on box 2

Users log into box 1 via regular ASP/Database authentication, and I keep a session variable to mark authenticated users.

There's a link that would send users to box #2 at www2.xyz.com. How do I
check whether these users are authenticated or not? I do not want to present a login screen again. Is it possible? If so, what are ways to do it, if not session/cookies?

Thanks!

HH

Jul 19 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: TG | last post by:
This is more of a pain than I thought it would be. I need a simple code segment to determine whether a browser accepts cookies or not. When I pass variables between pages when cookies are turned...
6
by: Anonymous | last post by:
Hi! I've got an unusual problem here. I'm trying to write a PHP script that behaves like a web client. Why? I want to automatically check specific URLs for changes. I'm using...
1
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...
1
by: d.schulz81 | last post by:
Hi all, We have about 10 different domains that are linked very closely and we want to identify and keep track of every single user that surfs our websites by the use of sessions. The problem...
2
by: Amit D.Shinde | last post by:
Hello Experts.. I need some help regarding cookies and session objects and also global.asa file I am creating one cookie when a user logs in on my website. The cookie stores the login name of...
1
by: Scott Collens | last post by:
I am hoping someone can shed some light on this issue. I am developing a site in .NET using VB.NET on Windows 2000 Advanced Server. As I browse the site, if I delete my cookies through the...
2
by: Arno Seitinger | last post by:
Hi, how I have to handle cookies between asp and asp.net? between two asp sites it works fine, so I can use the sessions direct. but not between an asp site and an apx site. thanks arno
5
by: Martin Heuckeroth | last post by:
Hi We are working on a webservice application and are having some problems with the cookies and/or sessions. We have them working on our intranet but then its not working on the internet. We...
7
by: Marcus | last post by:
I know that when you start a session in PHP, the "cookie" it creates is not the same as those that are stored in your browser's temp folder, and instead is kept in RAM. I am confused because in...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.