Re: ASP Session

From: Ray Costanzo [MVP] (my)
Date: 09/28/04


Date: Mon, 27 Sep 2004 20:39:02 -0400

Well, the only way would be to use a cookie, but you've already ruled out
that. So, the way I see it is that you'll have to do everything in SSL,
from shopping to checkout. Is there any particular reason that you're not
already doing that?

Ray at home

"Adil Akram" <microsoftee@informit.com.pk> wrote in message
news:%23Tdw22OpEHA.648@tk2msftngp13.phx.gbl...
> I've developed a shopping cart app in ASP. To secure transactions by SSL,
> I've put only the checkout page in SSL, but all other pages, i.e. product,
> cart etc., remain on a non-SSL connection. How can I track the user session
> from non-SSL to the SSL checkout page, as the SessionID changes when
> shifting to SSL (to prevent session stealing/hijacking)? I'm tracking the
> user session by putting the SessionID in the cart DB with products. Given
> below is a preview of the cart table.
>
> Cart table
>
> ID  SessionID  Product   Quantity
> ==================================
> 1   1234564    product1  5
> 2   1234564    item2     3
> 3   1234564    product3  1
> 4   4234564    product1  1
>
>
> If I use any custom cookies, hidden form value (whether plain or
> encrypted), it can be hacked by sniffing and changing cookie or hidden
> value and mapping it to any other ordering session etc.
>
> Please explain in detail with example, what's the best way to implement
> SSL in shopping cart application.
>
> regards,
> Adil
>
>


