RE: SSL, Forms Authentication, & Sessions

Discussion in 'ASP .Net' started by Chee Seong Ong, Apr 28, 2004.

  1. Can you store the session variables to the database?

    --------------------------------------------------------------------
    This reply is provided AS IS, without warranty (express or implied).


    --------------------
    >From: John Hamilton via .NET 247 <>
    >X-Newsreader: AspNNTP 1.50 (Matthew Reynolds Consulting)
    >Subject: SSL, Forms Authentication, & Sessions
    >Mime-Version: 1.0
    >Content-Type: text/plain; charset="us-ascii"
    >Content-Transfer-Encoding: quoted-printable
    >Message-ID: <O9U8X$>
    >Newsgroups: microsoft.public.dotnet.framework.aspnet
    >Date: Thu, 22 Apr 2004 22:00:04 -0700
    >NNTP-Posting-Host: 81-86-69-114.dsl.pipex.com 81.86.69.114
    >Lines: 1
    >Path:

    cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
    8.phx.gbl!TK2MSFTNGP12.phx.gbl
    >Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.aspnet:228453
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    >
    >Hi, I'm really hoping someone can help me out. I have an e-commerce site

    that uses forms authentication to login against a SQL Database. I have 2
    pages that I need secure, the login.aspx, and the checkout.aspx. Simple
    stuff.
    >The problem comes in when I tried to add SSL. As soon as the URL is

    changed or redirected to https:// a new sessionid is created and I don't
    have access to any of my previous session variables. I've tried changing
    the web.config file forms tag loginURL attribute to secure or simple
    redirecting to a secure login page, all will result in my current session
    being eliminated and a new session.sessionID being created.
    >Is there a way to persist a users session from a http:// to a https://

    page?
    >Thanks!
    >--------------------------------
    >From: John Hamilton
    >MCP, MCSD, MCDBA
    >-----------------------
    >Posted by a user from .NET 247 (http://www.dotnet247.com/)
    ><Id>IUauGQqJvU+ARlOduf0Hjw==</Id>
    >
    Chee Seong Ong, Apr 28, 2004
    #1
    1. Advertising

  2. Chee Seong Ong

    MattB Guest

    Or I wonder if you could somehow grab the session ID and assign the new
    session that ID. That may not work, but may be worth looking into.

    Matt

    Chee Seong Ong (MSFT) wrote:
    > Can you store the session variables to the database?
    >
    > --------------------------------------------------------------------
    > This reply is provided AS IS, without warranty (express or implied).
    >
    >
    > --------------------
    >> From: John Hamilton via .NET 247 <>
    >> X-Newsreader: AspNNTP 1.50 (Matthew Reynolds Consulting)
    >> Subject: SSL, Forms Authentication, & Sessions
    >> Mime-Version: 1.0
    >> Content-Type: text/plain; charset="us-ascii"
    >> Content-Transfer-Encoding: quoted-printable
    >> Message-ID: <O9U8X$>
    >> Newsgroups: microsoft.public.dotnet.framework.aspnet
    >> Date: Thu, 22 Apr 2004 22:00:04 -0700
    >> NNTP-Posting-Host: 81-86-69-114.dsl.pipex.com 81.86.69.114
    >> Lines: 1
    >> Path:

    >

    cpmsftngxa10.phx.gbl!TK2MSFTNGXA06.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
    > 8.phx.gbl!TK2MSFTNGP12.phx.gbl
    >> Xref: cpmsftngxa10.phx.gbl
    >> microsoft.public.dotnet.framework.aspnet:228453 X-Tomcat-NG:
    >> microsoft.public.dotnet.framework.aspnet
    >>
    >> Hi, I'm really hoping someone can help me out. I have an e-commerce
    >> site

    > that uses forms authentication to login against a SQL Database. I
    > have 2 pages that I need secure, the login.aspx, and the
    > checkout.aspx. Simple stuff.
    >> The problem comes in when I tried to add SSL. As soon as the URL is

    > changed or redirected to https:// a new sessionid is created and I
    > don't have access to any of my previous session variables. I've
    > tried changing the web.config file forms tag loginURL attribute to
    > secure or simple redirecting to a secure login page, all will result
    > in my current session being eliminated and a new session.sessionID
    > being created.
    >> Is there a way to persist a users session from a http:// to a
    >> https:// page? Thanks!
    >> --------------------------------
    >> From: John Hamilton
    >> MCP, MCSD, MCDBA
    >> -----------------------
    >> Posted by a user from .NET 247 (http://www.dotnet247.com/)
    >> <Id>IUauGQqJvU+ARlOduf0Hjw==</Id>
    MattB, Apr 28, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob
    Replies:
    4
    Views:
    1,027
  2. Rob
    Replies:
    1
    Views:
    575
    Mike Moore [MSFT]
    Jan 5, 2004
  3. Eric
    Replies:
    2
    Views:
    1,448
    Tommy
    Feb 13, 2004
  4. Bijoy Naick

    Sessions and Forms Authentication Cookie

    Bijoy Naick, Nov 16, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    490
    George Durzi
    Nov 16, 2004
  5. Eric
    Replies:
    2
    Views:
    481
Loading...

Share This Page