2 3143
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.
If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
*************** ************
Think Outside the Box!
*************** ************
"MisterKen" wrote: It appears that I'm losing values for session variables when I move from a page like http://www.my_site.com/catalog.aspx to https://www50.ssldomain.com/my_site/login.aspx and vice versa.
Are session variables suppose to lose values across different domain names?
The www50.ssldomain .com is hosted by the same webhost. It's just how they handle their SSL certificate.
Help! Thanks for any help.
Ken
Thanks for the clarification.
Do you know of a webpage that might demonstrate this?
"Cowboy (Gregory A. Beamer) - MVP" wrote: Across domains? Yes. What happens, client side, is there are two server cookies sent. This is quite normal and part of the "security" built into browsers.
If you have a persistant store (database, for example), store values in the database. On the same machine, you can sometimes get away with equivalent machine keys, but cross domain is still a difficulty. The persistant store overcomes this, as you can look up values as a user moves from site to site. This is best if you go to cookieless authentication (which munges in the session key).
---
Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA
*************** ************ Think Outside the Box! *************** ************ "MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a page like http://www.my_site.com/catalog.aspx to https://www50.ssldomain.com/my_site/login.aspx and vice versa.
Are session variables suppose to lose values across different domain names?
The www50.ssldomain .com is hosted by the same webhost. It's just how they handle their SSL certificate.
Help! Thanks for any help.
Ken This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: mrbog |
last post by:
Tell me if my assertion is wrong here:
The only way to prevent session hijacking is to NEVER store
authentication information (such as name/password) in the session.
Well, to never authenticate a user from information you got from the
session. Each secure app on a site must challenge the user for name
and password, each and every time the user accesses it (not just once
and then store it in the session). If a secure app is multi-page,...
|
by: shank |
last post by:
Will Session() (created in SSL) hold its value in SSL, when you go from
https://abc to https://xyz and back to https://abc ? Mine does not appear to
retain its value.
thanks
|
by: Larry Woods |
last post by:
I am losing Session variables, but only those that are set in the page
previous to a redirect to a secure page.
Anyone seen ANY situation where Session variables just "disappear?"
Note that OTHER session variables are still intact !?!
TIA,
Larry Woods
|
by: ASP.Confused |
last post by:
As you can tell from my previous posts on this issue...I'm really confused
:-/
I have a few ASP.NET web applications on my web host's "https" server. Our
web host has a single "bin" folder for me to toss my assemblies into. We
keep loosing session state every few months.
People have told me that my app could be running out of memory, causing the
sessions to get reset. Well, if this is the case, then when I go to the
page again,...
|
by: Daniel Malcolm |
last post by:
Hi
I have a site where I would like some pages to be accessed via SSL (login
and payment etc) and others via regular http. However I'm not sure whether
Session state can be maintained between the 2 protocols.
We have SSL set up on the site so that it can be accessed via the same
domain:
http://www.mydomain.com/login.aspx
| |
by: Jeff |
last post by:
....still new to .net 2005 using VB.
Do I understand correctly that the value of a session variable is actually stored in the server's ram, but relies on the asp.net
session ID cookie that temporarily is placed on the client's machine until the session ends? ...so that you can't use session
variables if the client has disabled cookies on their browser? So, this makes session vars much more secure than hidden fields,
which are transmitted...
|
by: Michael Schwarz |
last post by:
Hi,
I have a problem where I have two requests (i.e. two different windows that
are using the same session) that are accessing the session collection. The
requests will need more time on the server, but I get the problem that the
two sessions are not getting updated values from each requests. Is this by
design or is there any solution to do this?
--
Best regards | Schöne Grüße
|
by: rgparkins |
last post by:
Hello
I am running out of time with a problem I have running PHP 5.04 and
Apache 2.0 and really need help :(. I have a page that stores a
variable in session but each time I reload that page the session seems
to be re-created and is an empty array. I have checked the session file
and the variable is being stored against the session id, but I dont
know why PHP is not picking up the session after I reload.. I have
tried the usual suspects...
|
by: YYZ |
last post by:
I'm using asp, not asp.net. I've got some open ended questions that I
was really hoping someone in here could answer, or direct me to some
resources that will help me answer them on my own.
First, the session object. When a new user comes to my site, asp
creates a session object, and a session id on that object. That
session id is sent back to the client and stored as a cookie(?) that
can be used to identify a single user across...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |