Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > ASP Session, Cookies and SSL

Reply
Thread Tools

ASP Session, Cookies and SSL

 
 
Adil Akram
Guest
Posts: n/a
 
      09-26-2004
I have created a site shopping cart in ASP.net.

I am using ASP session object's SessionID on non SSL connection to track
session.
While adding products to cart DB I insert product and SessionID in table.
All products and cart status pages are on non SSL connection.

On checkout to get secure user information I shifted connection to SSL but
when shifting to SSL, the SessionID changed (As is this is default behavior
of IIS to prevent stealing SSL session).

To get rid of this problem I shifted my all products and cart pages to SSL,
now its working fine but I am not satisfied with this solution because it is
not feasible to put all product pages (about 500 pages) to SSL. As I see
while shopping with big companies sites i.e. Microsoft, Amazon etc. they
change to SSL only in checkout page.

How can I build it like that all pages remains in non SSL and only checkout
pages should be on SSL. One solution may be to use custom cookies to track
session but it may have the same problem of session hijacking/ session
stealing.

Any one please explain me what is the best way to create shopping cart with
SSL, the ASP/ASP.net session or setting own cookies.

Please explain in detail or refer some useful links.

regards,
Adil



 
Reply With Quote
 
 
 
 
Bob Barrows [MVP]
Guest
Posts: n/a
 
      09-26-2004
Adil Akram wrote:
> I have created a site shopping cart in ASP.net.
>

There was no way for you to know it, but this is a classic asp newsgroup.
While you may be lucky enough to find a dotnet-savvy person here who can
answer your question, you can eliminate the luck factor by posting your
question to a group where those dotnet-savvy people hang out. I suggest
microsoft.public.dotnet.framework.aspnet.

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Give Request.Cookies and Response.Cookies is there any reason to use another method to use cookies? _Who ASP .Net 7 09-18-2008 07:49 PM
Persistant cookies and non-persistant cookies. archana ASP .Net 1 05-25-2007 08:43 AM
Maintain session between an SSL page and Non SSL page John Smith Java 0 10-05-2006 12:03 PM
ASP.net SSL w/ an SSL Accelerator Nathan Crosby ASP .Net Security 2 08-18-2006 05:30 PM
forcing cookies to use SSL and redirecting to custom error page =?Utf-8?B?RGFuIEtyYWltYW4=?= ASP .Net 0 12-30-2005 04:22 PM



Advertisments