Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Session in SSL

Reply
Thread Tools

Session in SSL

 
 
Adil Akram
Guest
Posts: n/a
 
      09-13-2004
I've developed a shopping cart application in ASP. To maintain the shopping
cart session, I've used the session ID, but while it shifts to SSL pages,
the session ID changed which is its default behaviour to maintain security
and prevent session stealing.

I've no idea to maintain session in shopping cart with SSL in check out form
because if I do it with cookies the same security problem exist there,
anyone can steal cookie in non SSL pages and can use it at any time in
user's session.

Expert advices are really appreciated.

I'm thankful in advance.

regards,
Adil
http://www.velocityreviews.com/forums/(E-Mail Removed)



 
Reply With Quote
 
 
 
 
Ray Costanzo [MVP]
Guest
Posts: n/a
 
      09-13-2004
See here, http://www.aspfaq.com/show.asp?id=2157, and note the link to the
cookieless shopping cart that uses a DB to maintain session data.

Ray at home

"Adil Akram" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've developed a shopping cart application in ASP. To maintain the

shopping
> cart session, I've used the session ID, but while it shifts to SSL pages,
> the session ID changed which is its default behaviour to maintain security
> and prevent session stealing.
>
> I've no idea to maintain session in shopping cart with SSL in check out

form
> because if I do it with cookies the same security problem exist there,
> anyone can steal cookie in non SSL pages and can use it at any time in
> user's session.
>
> Expert advices are really appreciated.
>
> I'm thankful in advance.
>
> regards,
> Adil
> (E-Mail Removed)
>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Maintain session between an SSL page and Non SSL page John Smith Java 0 10-05-2006 12:03 PM
Response.Redirect from SSL to non SSL with port drops port. Sean Wolfe ASP .Net 1 04-28-2005 07:49 PM
SSL with backend SSL on CSS 11500 Olivier PELERIN Cisco 0 08-30-2004 08:30 PM
How to imbed non-SSL links within SSL pages without using code CW ASP .Net 2 05-02-2004 01:40 PM
From non-ssl area to ssl ara with a virtual href path? 620 ASP .Net 2 01-06-2004 09:58 PM



Advertisments