469,950 Members | 1,640 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,950 developers. It's quick & easy.

Session Variable Values Across HTTP/HTTPS

It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken
Nov 18 '05 #1
2 2844
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Nov 18 '05 #2
Thanks for the clarification.

Do you know of a webpage that might demonstrate this?

"Cowboy (Gregory A. Beamer) - MVP" wrote:
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

27 posts views Thread by mrbog | last post: by
4 posts views Thread by shank | last post: by
5 posts views Thread by ASP.Confused | last post: by
reply views Thread by Daniel Malcolm | last post: by
8 posts views Thread by Michael Schwarz | last post: by
4 posts views Thread by rgparkins | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.