Re: ASP Session

From: Adil Akram (AdilAkram_at_discussions.microsoft.com)
Date: 09/28/04


Date: Mon, 27 Sep 2004 22:35:06 -0700

Hello Ray,

I don't want to put everything in SSL, as most of the big vendors online
put only the checkout page in SSL; for example, I checked the shopping carts of
Microsoft, Amazon, Sony, etc. I don't know exactly whether using a cookie is
safe or not.
Please suggest whatever the best method you know to do this.
Please explain the procedure in detail. I don't need the technical
implementation detail, but the flow and session tracking details.

regards,
Adil

"Ray Costanzo [MVP]" wrote:

> Well, the only way would be to use a cookie, but you've already ruled out
> that. So, the way I see it is that you'll have to do everything in SSL,
> from shopping to checkout. Is there any particular reason that you're not
> already doing that?
>
> Ray at home
>
> "Adil Akram" <microsoftee@informit.com.pk> wrote in message
> news:%23Tdw22OpEHA.648@tk2msftngp13.phx.gbl...
> > I've developed a shopping cart app in ASP. To secure transactions by SSL,
> > I've put only the checkout page in SSL, but all other pages, i.e. product,
> > cart, etc., remain on a non-SSL connection. How can I track the user session
> > from non-SSL to the SSL checkout page, as the SessionID changes when shifting
> > to SSL (to prevent session stealing/hijacking)? I'm tracking the user session
> > by putting the SessionID in the cart DB with the products. Given below is a
> > preview of the cart table.
> >
> > Cart table
> >
> > ID  SessionID  Product   Quantity
> > ==================================
> > 1   1234564    product1  5
> > 2   1234564    item2     3
> > 3   1234564    product3  1
> > 4   4234564    product1  1
> >
> >
> > If I use any custom cookies, hidden form value (whether plain or encrypted),
> > it can be hacked by sniffing and changing cookie or hidden value and mapping
> > it to any other ordering session etc.
> >
> > Please explain in detail with example, what's the best way to implement SSL
> > in shopping cart application.
> >
> > regards,
> > Adil
> >
> >
>
>
>


