Session variables with SSL

Results 1 to 2 of 2

Thread: Session variables with SSL

  1. #1
    Join Date
    Dec 1969

    Default Session variables with SSL

    Does anyone know how i can get round losing my session variables when i refer to the secure part of my site.

  2. #2
    Join Date
    Dec 1969

    Default RE: Session variables with SSL

    For whatever it&#039;s worth, I have no problem response.redirecting users from HTTP to HTTPS on our server.<BR><BR>http://www<BR>to<BR>https://www <BR><BR>If the HTTPS is set up to run through port 1433 and that should not be a problem.<BR><BR>I have had problems switching from DNS to IP<BR><BR><BR>to<BR>https://www<BR><BR>but this is because the *browser* thinks this is a new server. <BR><BR>What I did do though to move a session from DNS to IP is:<BR>1) on the DNS page I redirect to an special asp page<BR>2) on that page I check for session cookies<BR>3) I then copy those session cookies into query string<BR> name/value pairs.<BR>4) Using those querystring I redirect to the IP URL of that<BR> same page. (which in this case is still the same server)<BR>5) Now that the user is on the IP URL, I check for the<BR> presence of those querystrings and set new session cookies<BR> for them.<BR><BR>This may pose some security risks by passing future session data via querystring but this 10 minute solution did seem to work for our purposes.<BR><BR>Another thing to be aware of is the fact that you now have 2 sessions for every previous session before. To alleviate this you can session.abandon() before you redirect to kill the old sessions or you can just set the session.timeout property to a few minutes to give you time to redirect the user.<BR><BR>All of this in mind you may want to just think about true scalability and try to find other ways to pass persistent data around between many servers. You can even try to create your own session object!<BR><BR>Check out this article for more info :<BR><BR><BR><BR>HTH,<BR>Reginald

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts