Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > RE: SSL, Forms Authentication, & Sessions

Reply
Thread Tools

RE: SSL, Forms Authentication, & Sessions

 
 
Chee Seong Ong
Guest
Posts: n/a
 
      04-28-2004
Can you store the session variables to the database?

--------------------------------------------------------------------
This reply is provided AS IS, without warranty (express or implied).


--------------------
>From: John Hamilton via .NET 247 <(E-Mail Removed)>
>X-Newsreader: AspNNTP 1.50 (Matthew Reynolds Consulting)
>Subject: SSL, Forms Authentication, & Sessions
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: quoted-printable
>Message-ID: <O9U8X$(E-Mail Removed)>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>Date: Thu, 22 Apr 2004 22:00:04 -0700
>NNTP-Posting-Host: 81-86-69-114.dsl.pipex.com 81.86.69.114
>Lines: 1
>Path:

cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0
8.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:228453
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Hi, I'm really hoping someone can help me out. I have an e-commerce site

that uses forms authentication to login against a SQL Database. I have 2
pages that I need secure, the login.aspx, and the checkout.aspx. Simple
stuff.
>The problem comes in when I tried to add SSL. As soon as the URL is

changed or redirected to https:// a new sessionid is created and I don't
have access to any of my previous session variables. I've tried changing
the web.config file forms tag loginURL attribute to secure or simple
redirecting to a secure login page, all will result in my current session
being eliminated and a new session.sessionID being created.
>Is there a way to persist a users session from a http:// to a https://

page?
>Thanks!
>--------------------------------
>From: John Hamilton
>MCP, MCSD, MCDBA
>-----------------------
>Posted by a user from .NET 247 (http://www.dotnet247.com/)
><Id>IUauGQqJvU+ARlOduf0Hjw==</Id>
>


 
Reply With Quote
 
 
 
 
MattB
Guest
Posts: n/a
 
      04-28-2004
Or I wonder if you could somehow grab the session ID and assign the new
session that ID. That may not work, but may be worth looking into.

Matt

Chee Seong Ong (MSFT) wrote:
> Can you store the session variables to the database?
>
> --------------------------------------------------------------------
> This reply is provided AS IS, without warranty (express or implied).
>
>
> --------------------
>> From: John Hamilton via .NET 247 <(E-Mail Removed)>
>> X-Newsreader: AspNNTP 1.50 (Matthew Reynolds Consulting)
>> Subject: SSL, Forms Authentication, & Sessions
>> Mime-Version: 1.0
>> Content-Type: text/plain; charset="us-ascii"
>> Content-Transfer-Encoding: quoted-printable
>> Message-ID: <O9U8X$(E-Mail Removed)>
>> Newsgroups: microsoft.public.dotnet.framework.aspnet
>> Date: Thu, 22 Apr 2004 22:00:04 -0700
>> NNTP-Posting-Host: 81-86-69-114.dsl.pipex.com 81.86.69.114
>> Lines: 1
>> Path:

>

cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!TK2MSFT NGXA05.phx.gbl!TK2MSFTNGP0
> 8.phx.gbl!TK2MSFTNGP12.phx.gbl
>> Xref: cpmsftngxa10.phx.gbl
>> microsoft.public.dotnet.framework.aspnet:228453 X-Tomcat-NG:
>> microsoft.public.dotnet.framework.aspnet
>>
>> Hi, I'm really hoping someone can help me out. I have an e-commerce
>> site

> that uses forms authentication to login against a SQL Database. I
> have 2 pages that I need secure, the login.aspx, and the
> checkout.aspx. Simple stuff.
>> The problem comes in when I tried to add SSL. As soon as the URL is

> changed or redirected to https:// a new sessionid is created and I
> don't have access to any of my previous session variables. I've
> tried changing the web.config file forms tag loginURL attribute to
> secure or simple redirecting to a secure login page, all will result
> in my current session being eliminated and a new session.sessionID
> being created.
>> Is there a way to persist a users session from a http:// to a
>> https:// page? Thanks!
>> --------------------------------
>> From: John Hamilton
>> MCP, MCSD, MCDBA
>> -----------------------
>> Posted by a user from .NET 247 (http://www.dotnet247.com/)
>> <Id>IUauGQqJvU+ARlOduf0Hjw==</Id>




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving from ASP Sessions to Database Sessions Bookham Measures ASP General 19 08-23-2007 03:51 PM
Cookieless Sessions (Sessions Without Cookies) and Security scottymo ASP .Net Security 3 09-29-2006 11:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Multiple sessions and forms-based authentication Rob ASP .Net 4 01-06-2004 02:27 PM
Re: Relationship between IIS Sessions and ASP.NET Sessions? Ken Cox [Microsoft MVP] ASP .Net 1 08-08-2003 03:22 PM



Advertisments