Session Variable Values Across HTTP/HTTPS

[Guest]

It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables suppose to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

 

[Guest]

Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistant store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistant store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).


---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[Guest]

Thanks for the clarification.

Do you know of a webpage that might demonstrate this?