By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,983 Members | 1,627 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,983 IT Pros & Developers. It's quick & easy.

Session Variable Values Across HTTP/HTTPS

P: n/a
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken
Nov 18 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Nov 18 '05 #2

P: n/a
Thanks for the clarification.

Do you know of a webpage that might demonstrate this?

"Cowboy (Gregory A. Beamer) - MVP" wrote:
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.