ASP Session, Cookies and SSL

Discussion in 'ASP General' started by Adil Akram, Sep 26, 2004.

  1. Adil Akram

    Adil Akram Guest

    I have created a site shopping cart in ASP.net.

    I am using the ASP session object's SessionID on a non-SSL connection to track
    the session.
    While adding products to the cart DB, I insert the product and SessionID in a table.
    All products and cart status pages are on a non-SSL connection.

    On checkout, to get secure user information, I shifted the connection to SSL, but
    when shifting to SSL, the SessionID changed (as this is the default behavior
    of IIS to prevent stealing the SSL session).

    To get rid of this problem I shifted all my product and cart pages to SSL;
    now it's working fine, but I am not satisfied with this solution because it is
    not feasible to put all product pages (about 500 pages) on SSL. As I see
    while shopping on big companies' sites, e.g. Microsoft, Amazon, etc., they
    change to SSL only on the checkout page.

    How can I build it so that all pages remain on non-SSL and only the checkout
    pages are on SSL? One solution may be to use custom cookies to track the
    session, but it may have the same problem of session hijacking/session
    stealing.

    Can anyone please explain to me the best way to create a shopping cart with
    SSL: the ASP/ASP.net session or setting my own cookies?

    Please explain in detail or refer me to some useful links.

    regards,
    Adil
     
    Adil Akram, Sep 26, 2004
    #1

  2. Adil Akram wrote:
    > I have created a site shopping cart in ASP.net.
    >

    There was no way for you to know it, but this is a classic asp newsgroup.
    While you may be lucky enough to find a dotnet-savvy person here who can
    answer your question, you can eliminate the luck factor by posting your
    question to a group where those dotnet-savvy people hang out. I suggest
    microsoft.public.dotnet.framework.aspnet.

    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Sep 26, 2004
    #2