473,403 Members | 2,071 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > session variable values across http/https

Join Bytes to post your question to a community of 473,403 software developers and data experts.

Session Variable Values Across HTTP/HTTPS

It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken
Nov 18 '05 #1
2 3125
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Nov 18 '05 #2
Thanks for the clarification.

Do you know of a webpage that might demonstrate this?

"Cowboy (Gregory A. Beamer) - MVP" wrote:
Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Nov 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
Reality Check: Session Hijacking
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...
PHP
4
session and SSL
by: shank | last post by:
Will Session() (created in SSL) hold its value in SSL, when you go from https://abc to https://xyz and back to https://abc ? Mine does not appear to retain its value. thanks
ASP / Active Server Pages
5
Dropped session variables tied to SSL pages? Or Redirect?
by: Larry Woods | last post by:
I am losing Session variables, but only those that are set in the page previous to a redirect to a secure page. Anyone seen ANY situation where Session variables just "disappear?" Note that...
ASP / Active Server Pages
5
ASP.NET Session State
by: ASP.Confused | last post by:
As you can tell from my previous posts on this issue...I'm really confused :-/ I have a few ASP.NET web applications on my web host's "https" server. Our web host has a single "bin" folder for...
ASP.NET
0
Sharing Session state over secure / non-secure requests
by: Daniel Malcolm | last post by:
Hi I have a site where I would like some pages to be accessed via SSL (login and payment etc) and others via regular http. However I'm not sure whether Session state can be maintained between...
ASP.NET
2
Session Vars vs. Hidden Fields and SSL
by: Jeff | last post by:
....still new to .net 2005 using VB. Do I understand correctly that the value of a session variable is actually stored in the server's ram, but relies on the asp.net session ID cookie that...
Visual Basic .NET
8
Two Requests acessing the Session collection
by: Michael Schwarz | last post by:
Hi, I have a problem where I have two requests (i.e. two different windows that are using the same session) that are accessing the session collection. The requests will need more time on the...
ASP.NET
4
session data stored but new session everytime!
by: rgparkins | last post by:
Hello I am running out of time with a problem I have running PHP 5.04 and Apache 2.0 and really need help :(. I have a page that stores a variable in session but each time I reload that page the...
PHP
8
Session variable, security, SSL, I'm confused
by: YYZ | last post by:
I'm using asp, not asp.net. I've got some open ended questions that I was really hoping someone in here could answer, or direct me to some resources that will help me answer them on my own. ...
ASP / Active Server Pages
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!