469,916 Members | 2,562 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,916 developers. It's quick & easy.

SSL/Session question

Hi,

Just a quick question, I have a login page that sits on a non secure
page, if the users login details are correct then a session is created
and they are passed to another non secure page, once this page is
displayed all links go to secure pages using SSL.

What seems to be happening is that when a link to a secure page is
followed the session is lost and the user is re-directed to the login
page, is something in the passing between secure and non secure pages
that is destroying the session? If I enter the front of the site using
the SSL everything works fine which is the reason for my question.

Thanks

Peter


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 19 '05 #1
2 2706
This is true that session variables won't be carried between http and https
pages.

Shouldn't the user be logging in over ssl anyway though? If you aren't
encrypting the login, what's the point? Even if the login page is not
https, at least have the form submit to https.

Ray at work

"Peter Rooney" <pe***@whoba.co.uk> wrote in message
news:ub**************@tk2msftngp13.phx.gbl...
Hi,

Just a quick question, I have a login page that sits on a non secure
page, if the users login details are correct then a session is created
and they are passed to another non secure page, once this page is
displayed all links go to secure pages using SSL.

What seems to be happening is that when a link to a secure page is
followed the session is lost and the user is re-directed to the login
page, is something in the passing between secure and non secure pages
that is destroying the session? If I enter the front of the site using
the SSL everything works fine which is the reason for my question.

Thanks

Peter


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Jul 19 '05 #2
Hi Ray,

Thanks for coming back to me, yes you are correct I have since moved the
login page over to the ssl, I figured that was the reason but just for
my own learning process I just wondered if transfering between http and
https would destroy a session.

Many thanks again for you reply

Peter

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by Xizor | last post: by
1 post views Thread by Paul | last post: by
1 post views Thread by Ernest Forman | last post: by
4 posts views Thread by DavidS | last post: by
10 posts views Thread by tshad | last post: by
18 posts views Thread by Rippo | last post: by
5 posts views Thread by George | last post: by
1 post views Thread by Waqarahmed | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.