By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,292 Members | 1,514 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,292 IT Pros & Developers. It's quick & easy.

Problems with Session

P: n/a
Hi everybody

I'm setting up 2 websites for a friend of mine, en I'm have problems with
one of the sites.

The situation: I have 2 different domains (both in the .NL domain). Both
domains provides the possibility for users to log in. The loginscript and
the databases are hosted at server 1. The site at server 2 contains a link
to the loginpage at server 1. That works well... so far.

The problem is that when I log in at server 2, he doesn't accept it. I found
out that the Session variable I use isn't recognised. I use
Session("protected") to keep track of the users who are logged in. When
there credentials are right according to the database,
Session("protected")=True and the loginpage gives a redirection to
partner.asp by doing Response.Redirect "partner.asp". Trying to log in from
server 1 works fine, trying to log in from server 2 doesn't.

My questions therefore are:
1. Is the Session variable rememberd by server 2 (although server 1 contains
the loginpage en gives a redirection to a page on server 1)
2. What can I do to correct this problem?

Your answers are appreciated, and sorry for the possible worse language in
this message (English is not my native language ;))

Greetings,
Marc
Jul 19 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Session variables and cookies are not cross domain. In MSIE see Options,
Security, direct an inderct cookies
Jul 19 '05 #2

P: n/a
On Fri, 25 Jun 2004 22:21:51 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

1. The session variable will not be on Server 2, that's for sure.
2. Ask yourself questions.

Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.

Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

Just some ideas. Enjoy.
Hi everybody

I'm setting up 2 websites for a friend of mine, en I'm have problems with
one of the sites.

The situation: I have 2 different domains (both in the .NL domain). Both
domains provides the possibility for users to log in. The loginscript and
the databases are hosted at server 1. The site at server 2 contains a link
to the loginpage at server 1. That works well... so far.

The problem is that when I log in at server 2, he doesn't accept it. I found
out that the Session variable I use isn't recognised. I use
Session("protected") to keep track of the users who are logged in. When
there credentials are right according to the database,
Session("protected")=True and the loginpage gives a redirection to
partner.asp by doing Response.Redirect "partner.asp". Trying to log in from
server 1 works fine, trying to log in from server 2 doesn't.

My questions therefore are:
1. Is the Session variable rememberd by server 2 (although server 1 contains
the loginpage en gives a redirection to a page on server 1)
2. What can I do to correct this problem?

Your answers are appreciated, and sorry for the possible worse language in
this message (English is not my native language ;))

Greetings,
Marc


Jul 19 '05 #3

P: n/a
Hi Maarten,

I don't want to share the session variable between the domains. I just want
to create a session on server 1 by clicking on the link to the login page at
server 2... The session must be rememberd by server 1...

Thanx for your answer though :)

Greetings,
Marc

"Maarten" <no****@spam.com> schreef in bericht
news:9e**********************@phobos.telenet-ops.be...
Session variables and cookies are not cross domain. In MSIE see Options,
Security, direct an inderct cookies

Jul 19 '05 #4

P: n/a
Hi,

Thank you for your answer.

As I answered Maarten, the session variable must be rememberd by server 1
for the program to function correctly. All files that work with this session
are at server 1, that's why I can't figure out where the problem is.
Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.
I don't know that. The websites are hosted by an ISP (both sites are hosted
by the same ISP). But knowing that site 1 contains all the files that work
with session, I can't imagine that this has anything to do with that...
Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1? Tried both fully qualified domain names and the short one :)

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1? Yes, it is... and for testing, I also tried to just point to the file...
both worked in that sense, that it didn't matter....
Have you tried various cookie settings, including "Accept all" to see
if this has any impact? As far as I know, Session variables are not stored in cookies, but are
rememberd by IIS for a period of time (depending on the specific setting of
IIS at this point).

Maybe you have some other idea's. Anyway, thank you for your answer...
Appreciate it :)

Greetings,
Marc

<ou***@ou812.com> schreef in bericht
news:40****************@news.dallas.sbcglobal.net. .. On Fri, 25 Jun 2004 22:21:51 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

1. The session variable will not be on Server 2, that's for sure.
2. Ask yourself questions.

Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.

Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

Just some ideas. Enjoy.
Hi everybody

I'm setting up 2 websites for a friend of mine, en I'm have problems with
one of the sites.

The situation: I have 2 different domains (both in the .NL domain). Both
domains provides the possibility for users to log in. The loginscript and
the databases are hosted at server 1. The site at server 2 contains a linkto the loginpage at server 1. That works well... so far.

The problem is that when I log in at server 2, he doesn't accept it. I foundout that the Session variable I use isn't recognised. I use
Session("protected") to keep track of the users who are logged in. When
there credentials are right according to the database,
Session("protected")=True and the loginpage gives a redirection to
partner.asp by doing Response.Redirect "partner.asp". Trying to log in fromserver 1 works fine, trying to log in from server 2 doesn't.

My questions therefore are:
1. Is the Session variable rememberd by server 2 (although server 1 containsthe loginpage en gives a redirection to a page on server 1)
2. What can I do to correct this problem?

Your answers are appreciated, and sorry for the possible worse language inthis message (English is not my native language ;))

Greetings,
Marc

Jul 19 '05 #5

P: n/a
On Fri, 25 Jun 2004 23:26:19 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

Try to put:

Response.AddHeader "HTTP_REFERRER", "[http://domain/path of server 1]"
into the server1 page ... maybe that will trick it?

Maybe I'll run into this problem someday.

I give up. Good luck!
Hi,

Thank you for your answer.

As I answered Maarten, the session variable must be rememberd by server 1
for the program to function correctly. All files that work with this session
are at server 1, that's why I can't figure out where the problem is.
Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.


I don't know that. The websites are hosted by an ISP (both sites are hosted
by the same ISP). But knowing that site 1 contains all the files that work
with session, I can't imagine that this has anything to do with that...
Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Tried both fully qualified domain names and the short one :)

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Yes, it is... and for testing, I also tried to just point to the file...
both worked in that sense, that it didn't matter....
Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

As far as I know, Session variables are not stored in cookies, but are
rememberd by IIS for a period of time (depending on the specific setting of
IIS at this point).

Maybe you have some other idea's. Anyway, thank you for your answer...
Appreciate it :)

Greetings,
Marc

<ou***@ou812.com> schreef in bericht
news:40****************@news.dallas.sbcglobal.net ...
On Fri, 25 Jun 2004 22:21:51 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

1. The session variable will not be on Server 2, that's for sure.
2. Ask yourself questions.

Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.

Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

Just some ideas. Enjoy.
>Hi everybody
>
>I'm setting up 2 websites for a friend of mine, en I'm have problems with
>one of the sites.
>
>The situation: I have 2 different domains (both in the .NL domain). Both
>domains provides the possibility for users to log in. The loginscript and
>the databases are hosted at server 1. The site at server 2 contains alink >to the loginpage at server 1. That works well... so far.
>
>The problem is that when I log in at server 2, he doesn't accept it. Ifound >out that the Session variable I use isn't recognised. I use
>Session("protected") to keep track of the users who are logged in. When
>there credentials are right according to the database,
>Session("protected")=True and the loginpage gives a redirection to
>partner.asp by doing Response.Redirect "partner.asp". Trying to log infrom >server 1 works fine, trying to log in from server 2 doesn't.
>
>My questions therefore are:
>1. Is the Session variable rememberd by server 2 (although server 1contains >the loginpage en gives a redirection to a page on server 1)
>2. What can I do to correct this problem?
>
>Your answers are appreciated, and sorry for the possible worse languagein >this message (English is not my native language ;))
>
>Greetings,
>Marc
>
>



Jul 19 '05 #6

P: n/a
On Fri, 25 Jun 2004 23:26:19 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

Whoops, regarding my response to your last post:

put that header in the page from server 2 ... where the link comes
from.

Hi,

Thank you for your answer.

As I answered Maarten, the session variable must be rememberd by server 1
for the program to function correctly. All files that work with this session
are at server 1, that's why I can't figure out where the problem is.
Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.


I don't know that. The websites are hosted by an ISP (both sites are hosted
by the same ISP). But knowing that site 1 contains all the files that work
with session, I can't imagine that this has anything to do with that...
Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Tried both fully qualified domain names and the short one :)

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Yes, it is... and for testing, I also tried to just point to the file...
both worked in that sense, that it didn't matter....
Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

As far as I know, Session variables are not stored in cookies, but are
rememberd by IIS for a period of time (depending on the specific setting of
IIS at this point).

Maybe you have some other idea's. Anyway, thank you for your answer...
Appreciate it :)

Greetings,
Marc

<ou***@ou812.com> schreef in bericht
news:40****************@news.dallas.sbcglobal.net ...
On Fri, 25 Jun 2004 22:21:51 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

1. The session variable will not be on Server 2, that's for sure.
2. Ask yourself questions.

Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.

Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

Just some ideas. Enjoy.
>Hi everybody
>
>I'm setting up 2 websites for a friend of mine, en I'm have problems with
>one of the sites.
>
>The situation: I have 2 different domains (both in the .NL domain). Both
>domains provides the possibility for users to log in. The loginscript and
>the databases are hosted at server 1. The site at server 2 contains alink >to the loginpage at server 1. That works well... so far.
>
>The problem is that when I log in at server 2, he doesn't accept it. Ifound >out that the Session variable I use isn't recognised. I use
>Session("protected") to keep track of the users who are logged in. When
>there credentials are right according to the database,
>Session("protected")=True and the loginpage gives a redirection to
>partner.asp by doing Response.Redirect "partner.asp". Trying to log infrom >server 1 works fine, trying to log in from server 2 doesn't.
>
>My questions therefore are:
>1. Is the Session variable rememberd by server 2 (although server 1contains >the loginpage en gives a redirection to a page on server 1)
>2. What can I do to correct this problem?
>
>Your answers are appreciated, and sorry for the possible worse languagein >this message (English is not my native language ;))
>
>Greetings,
>Marc
>
>



Jul 19 '05 #7

P: n/a
Hi,

Thank you again for your reaction...

I tried it, but it didn't work :(

Greetings,
Marc

<ou***@ou812.com> schreef in bericht
news:40****************@news.dallas.sbcglobal.net. ..
On Fri, 25 Jun 2004 23:26:19 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

Whoops, regarding my response to your last post:

put that header in the page from server 2 ... where the link comes
from.

Hi,

Thank you for your answer.

As I answered Maarten, the session variable must be rememberd by server 1
for the program to function correctly. All files that work with this sessionare at server 1, that's why I can't figure out where the problem is.
Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.


I don't know that. The websites are hosted by an ISP (both sites are hostedby the same ISP). But knowing that site 1 contains all the files that workwith session, I can't imagine that this has anything to do with that...
Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Tried both fully qualified domain names and the short one :)

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Yes, it is... and for testing, I also tried to just point to the file...
both worked in that sense, that it didn't matter....
Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

As far as I know, Session variables are not stored in cookies, but are
rememberd by IIS for a period of time (depending on the specific setting ofIIS at this point).

Maybe you have some other idea's. Anyway, thank you for your answer...
Appreciate it :)

Greetings,
Marc

<ou***@ou812.com> schreef in bericht
news:40****************@news.dallas.sbcglobal.net ...
On Fri, 25 Jun 2004 22:21:51 +0200, "Marc Hoeve" <mr*****@hotmail.com>
wrote:

1. The session variable will not be on Server 2, that's for sure.
2. Ask yourself questions.

Are the domains pointing to IP addresses that sit on two completely
different network cards/boxes? Are these virtual domains? Given all
the microsoft Q articles on security issues and stuff, this question
may lead to something. Who knows.

Is the <A></A> link on the page from server2 using a fully qualified
domain name starting with http:// and reference to the directory and
page name on server1?

Is the form "action" attribute pointing to a fully qualified domain
name and script name on Server 1?

Have you tried various cookie settings, including "Accept all" to see
if this has any impact?

Just some ideas. Enjoy.

>Hi everybody
>
>I'm setting up 2 websites for a friend of mine, en I'm have problems with >one of the sites.
>
>The situation: I have 2 different domains (both in the .NL domain). Both >domains provides the possibility for users to log in. The loginscript and >the databases are hosted at server 1. The site at server 2 contains a

link
>to the loginpage at server 1. That works well... so far.
>
>The problem is that when I log in at server 2, he doesn't accept it. I

found
>out that the Session variable I use isn't recognised. I use
>Session("protected") to keep track of the users who are logged in. When >there credentials are right according to the database,
>Session("protected")=True and the loginpage gives a redirection to
>partner.asp by doing Response.Redirect "partner.asp". Trying to log in

from
>server 1 works fine, trying to log in from server 2 doesn't.
>
>My questions therefore are:
>1. Is the Session variable rememberd by server 2 (although server 1

contains
>the loginpage en gives a redirection to a page on server 1)
>2. What can I do to correct this problem?
>
>Your answers are appreciated, and sorry for the possible worse
languagein
>this message (English is not my native language ;))
>
>Greetings,
>Marc
>
>


Jul 19 '05 #8

P: n/a
Hi everyone,

I have tried a work-around with success. Both sites are now on server 1,
server 2 has a response.redirect to server 1. This works very fine.

But still, I would like to have a solution for my problem. I hope someone
out there has an answer?

Thank you in advance for your help.

Greetings,
Marc

"Marc Hoeve" <mr*****@hotmail.com> schreef in bericht
news:cb**********@reader13.wxs.nl...
Hi everybody

I'm setting up 2 websites for a friend of mine, en I'm have problems with
one of the sites.

The situation: I have 2 different domains (both in the .NL domain). Both
domains provides the possibility for users to log in. The loginscript and
the databases are hosted at server 1. The site at server 2 contains a link
to the loginpage at server 1. That works well... so far.

The problem is that when I log in at server 2, he doesn't accept it. I found out that the Session variable I use isn't recognised. I use
Session("protected") to keep track of the users who are logged in. When
there credentials are right according to the database,
Session("protected")=True and the loginpage gives a redirection to
partner.asp by doing Response.Redirect "partner.asp". Trying to log in from server 1 works fine, trying to log in from server 2 doesn't.

My questions therefore are:
1. Is the Session variable rememberd by server 2 (although server 1 contains the loginpage en gives a redirection to a page on server 1)
2. What can I do to correct this problem?

Your answers are appreciated, and sorry for the possible worse language in
this message (English is not my native language ;))

Greetings,
Marc

Jul 19 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.