Re: Sessions/Cookies between sites

anonymous_at_discussions.microsoft.com
Date: 05/11/04


Date: Tue, 11 May 2004 10:46:45 -0700


From my experience with IIS6 and Windows Server 2003

Session variables are still retained when switching from
http to https, I never knew it was a bug, I hope Microsoft
doesn't fix this one.

(Since the session variables are based on a session ID
cookie, it is really dependent on the client browser
whether or not the session variables will be retained,
it's up to the client browser to decide if it should
include the SessionID cookie in its https request).

In the case of the original question, his https pages are
on a different domain, then the cookies and session
variables will definitely not be retained.

But if the user goes back to the http page before his
session expires then the variables will still be there.

Mendel Nemanov
Spotlight Design
>-----Original Message-----
>Yes, session variables and cookies will not be shared between the http and
>https sites (if the HTTP and HTTPS pages are in the same IIS application, it
>used to be possible to share session state, I don't know if that was a bug
>or a feature. I haven't tried it since IIS 4).
>
>Yes, you can pass data back and forth with form elements. A more secure
>approach would be to keep the user data in a database and pass only an
>identifier back and forth.
>
>As long as the user returns to one site or another within the session
>timeout period set in IIS their session variables will still be available.
>If cookies are not set to expire or they return before the cookie expires
>then cookies will be available as well.
>
>--
>Mark Schupp
>Head of Development
>Integrity eLearning
>www.ielearning.com
>
>"Astra" <info@NoEmail.com> wrote in message news:40a0c0df_4@127.0.0.1...
>> Hi All
>>
>> Can I just confirm, is it true that Session Vars and Cookies from my main
>> http site will all be lost when I ask the user to transfer over to the
>> secure (https) side of my site?
>>
>> Although the http and https sites are hosted on the same ISP they are under
>> different domains (as well as protocols of course).
>>
>> Is it usually the case that I form post/get the intrinsic details back and
>> forth between the http and https so that I can keep things on track?
>>
>> More importantly, if the user is still in the same session and they go to
>> the https side of the site and then go back to the http side (they may want
>> to check something - because they just do), has all of my session var and
>> cookie data still been lost because of the change of sites? I have a feeling
>> that my cookies will be OK, but my session vars may have been lost -
>> correct?
>>
>> Rgds
>>
>> Robbie
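
The browser-side decision this thread turns on, as an added example that is not part of the original posts: a simplified RFC 6265 cookie-matching check showing when a session ID cookie is attached to a request across http/https and across domains, and how the Secure attribute changes that. The hostnames, paths and cookie name are constructed for illustration.

```javascript
// Simplified RFC 6265 cookie matching (added example; all hostnames are constructed).
// A cookie set without a Domain attribute is "host-only": exact host match required.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// Path match: equal, or cookie path is a prefix ending at a "/" boundary.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// True if a browser would attach `cookie` to a request for `url`.
// Note the scheme matters only when the cookie carries the Secure attribute.
function wouldSend(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  return domainMatches(u.hostname, cookie) && pathMatches(u.pathname, cookie.path);
}

// Constructed session cookie, as set by an http page with no Secure or Domain attribute.
const sessionCookie = {
  name: "SessionID", domain: "www.shop.example", hostOnly: true, path: "/", secure: false,
};
// The same cookie with the Secure attribute set.
const secureCookie = { ...sessionCookie, secure: true };

function scenarios() {
  return {
    // Same host, http -> https: cookie is sent, so the session is retained.
    sameHostHttps: wouldSend(sessionCookie, "https://www.shop.example/checkout.asp"),
    // https pages on a different domain: cookie is not sent, session is not shared.
    otherDomainHttps: wouldSend(sessionCookie, "https://secure.isp.example/checkout.asp"),
    // User returns to the http site: the original cookie is sent again.
    backToHttp: wouldSend(sessionCookie, "http://www.shop.example/basket.asp"),
    // With Secure set, the session ID never travels over plain http.
    secureOverHttp: wouldSend(secureCookie, "http://www.shop.example/basket.asp"),
    secureOverHttps: wouldSend(secureCookie, "https://www.shop.example/checkout.asp"),
  };
}

console.log(scenarios());
```
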


