Share session between secure and non-secure applications

Discussion in 'ASP .Net' started by Joe, Dec 7, 2005.

  1. Joe

    Joe Guest

    I have an application which runs in a non-secure environment. I also have an
    application that runs in a secure environment (both on the same machine). Is
    there any way to share the session data for this?

    Most of the site allows the user to add things to a cart (non-secure), once
    they choose to check-out, I need this information which was stored in the
    session to be read by the payment page(secured).

    Hope this makes sense. It's probably not the best way to handle it. Any
    suggestions are more than welcome.

    Thanks,
    Joe
     
    Joe, Dec 7, 2005
    #1
    1. Advertising

  2. Joe

    Marina Guest

    I don't think you would want to store things like that in session. If the
    user timesout because they left for lunch, then come back and click
    something they will have an empty cart because they will have a new session.

    Additionally, there is no way I know of to share data between two different
    applications.

    Is there a reason this wouldn't all just be one application?

    Regardless, I recommend you store cart contents in a cookie or something so
    you are not dependent on session state.

    "Joe" <> wrote in message
    news:OB3GHF2%...
    >I have an application which runs in a non-secure environment. I also have
    >an application that runs in a secure environment (both on the same
    >machine). Is there any way to share the session data for this?
    >
    > Most of the site allows the user to add things to a cart (non-secure),
    > once they choose to check-out, I need this information which was stored in
    > the session to be read by the payment page(secured).
    >
    > Hope this makes sense. It's probably not the best way to handle it. Any
    > suggestions are more than welcome.
    >
    > Thanks,
    > Joe
    >
     
    Marina, Dec 7, 2005
    #2
    1. Advertising

  3. Thanks for Marina's inputs.

    Hi Joe,

    For sessionState, different ASP.NET application can not share the same
    sesstion storage (no matter what session mode it uses....). I'm also
    wondering whether it possible that you combine the wo application into one
    single asp.net web application, that'll make share ASP.NET states quite
    simple. In addition, if we do need to make those two application part
    separated and share some datas, I think some other persistence storage such
    as database storage.....

    Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    --------------------
    | From: "Marina" <>
    | References: <OB3GHF2#>
    | Subject: Re: Share session between secure and non-secure applications
    | Date: Wed, 7 Dec 2005 14:10:30 -0500
    | Lines: 30
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    | X-RFC2646: Format=Flowed; Response
    | Message-ID: <u23XlH2#>
    | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | NNTP-Posting-Host: gw.deltek.com 63.72.155.97
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.dotnet.framework.aspnet:363457
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    |
    | I don't think you would want to store things like that in session. If the
    | user timesout because they left for lunch, then come back and click
    | something they will have an empty cart because they will have a new
    session.
    |
    | Additionally, there is no way I know of to share data between two
    different
    | applications.
    |
    | Is there a reason this wouldn't all just be one application?
    |
    | Regardless, I recommend you store cart contents in a cookie or something
    so
    | you are not dependent on session state.
    |
    | "Joe" <> wrote in message
    | news:OB3GHF2%...
    | >I have an application which runs in a non-secure environment. I also
    have
    | >an application that runs in a secure environment (both on the same
    | >machine). Is there any way to share the session data for this?
    | >
    | > Most of the site allows the user to add things to a cart (non-secure),
    | > once they choose to check-out, I need this information which was stored
    in
    | > the session to be read by the payment page(secured).
    | >
    | > Hope this makes sense. It's probably not the best way to handle it. Any
    | > suggestions are more than welcome.
    | >
    | > Thanks,
    | > Joe
    | >
    |
    |
    |
     
    Steven Cheng[MSFT], Dec 8, 2005
    #3
  4. Joe

    Joe Guest

    Hi Steve,

    I would like to use a single application but I don't see how I can do that
    since there are two different locations (same machine though) for the secure
    and non-secure pages.

    I was trying to use cookies like Marina suggested but these can't be shared
    either.

    If I go the database route, how do I know when to delete the records?

    -Joe

    "Steven Cheng[MSFT]" <> wrote in message
    news:Gvc$$M6%...
    > Thanks for Marina's inputs.
    >
    > Hi Joe,
    >
    > For sessionState, different ASP.NET application can not share the same
    > sesstion storage (no matter what session mode it uses....). I'm also
    > wondering whether it possible that you combine the wo application into one
    > single asp.net web application, that'll make share ASP.NET states quite
    > simple. In addition, if we do need to make those two application part
    > separated and share some datas, I think some other persistence storage
    > such
    > as database storage.....
    >
    > Thanks,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    > --------------------
    > | From: "Marina" <>
    > | References: <OB3GHF2#>
    > | Subject: Re: Share session between secure and non-secure applications
    > | Date: Wed, 7 Dec 2005 14:10:30 -0500
    > | Lines: 30
    > | X-Priority: 3
    > | X-MSMail-Priority: Normal
    > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    > | X-RFC2646: Format=Flowed; Response
    > | Message-ID: <u23XlH2#>
    > | Newsgroups: microsoft.public.dotnet.framework.aspnet
    > | NNTP-Posting-Host: gw.deltek.com 63.72.155.97
    > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
    > | Xref: TK2MSFTNGXA02.phx.gbl
    > microsoft.public.dotnet.framework.aspnet:363457
    > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    > |
    > | I don't think you would want to store things like that in session. If
    > the
    > | user timesout because they left for lunch, then come back and click
    > | something they will have an empty cart because they will have a new
    > session.
    > |
    > | Additionally, there is no way I know of to share data between two
    > different
    > | applications.
    > |
    > | Is there a reason this wouldn't all just be one application?
    > |
    > | Regardless, I recommend you store cart contents in a cookie or something
    > so
    > | you are not dependent on session state.
    > |
    > | "Joe" <> wrote in message
    > | news:OB3GHF2%...
    > | >I have an application which runs in a non-secure environment. I also
    > have
    > | >an application that runs in a secure environment (both on the same
    > | >machine). Is there any way to share the session data for this?
    > | >
    > | > Most of the site allows the user to add things to a cart (non-secure),
    > | > once they choose to check-out, I need this information which was
    > stored
    > in
    > | > the session to be read by the payment page(secured).
    > | >
    > | > Hope this makes sense. It's probably not the best way to handle it.
    > Any
    > | > suggestions are more than welcome.
    > | >
    > | > Thanks,
    > | > Joe
    > | >
    > |
    > |
    > |
    >
     
    Joe, Dec 8, 2005
    #4
  5. Hi Joe,

    For SSL securing, based on my understanding , IIS server support
    configuring the SSL protection setting(requiring secure channel) based on
    virtual dir level( not application level). So you can put those two
    applications into one asp.net application and in different sub folder.
    Then, we can configure different ssl protection for them....

    Also, for data deleting when using sqlserver as backend data storage, we
    may need to manually create a background service(using a background thread
    to monitior and deleting expired data or using Sqlserver Agent's Job....)

    Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)


    --------------------
    | From: "Joe" <>
    | References: <OB3GHF2#>
    <u23XlH2#>
    <Gvc$$M6#>
    | Subject: Re: Share session between secure and non-secure applications
    | Date: Thu, 8 Dec 2005 02:51:32 -0500
    | Lines: 97
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    | X-RFC2646: Format=Flowed; Original
    | Message-ID: <e3Z01w8#>
    | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | NNTP-Posting-Host: 69.37.58.70.adsl.snet.net 69.37.58.70
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.dotnet.framework.aspnet:363576
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    |
    | Hi Steve,
    |
    | I would like to use a single application but I don't see how I can do
    that
    | since there are two different locations (same machine though) for the
    secure
    | and non-secure pages.
    |
    | I was trying to use cookies like Marina suggested but these can't be
    shared
    | either.
    |
    | If I go the database route, how do I know when to delete the records?
    |
    | -Joe
    |
    | "Steven Cheng[MSFT]" <> wrote in message
    | news:Gvc$$M6%...
    | > Thanks for Marina's inputs.
    | >
    | > Hi Joe,
    | >
    | > For sessionState, different ASP.NET application can not share the same
    | > sesstion storage (no matter what session mode it uses....). I'm also
    | > wondering whether it possible that you combine the wo application into
    one
    | > single asp.net web application, that'll make share ASP.NET states quite
    | > simple. In addition, if we do need to make those two application part
    | > separated and share some datas, I think some other persistence storage
    | > such
    | > as database storage.....
    | >
    | > Thanks,
    | >
    | > Steven Cheng
    | > Microsoft Online Support
    | >
    | > Get Secure! www.microsoft.com/security
    | > (This posting is provided "AS IS", with no warranties, and confers no
    | > rights.)
    | > --------------------
    | > | From: "Marina" <>
    | > | References: <OB3GHF2#>
    | > | Subject: Re: Share session between secure and non-secure applications
    | > | Date: Wed, 7 Dec 2005 14:10:30 -0500
    | > | Lines: 30
    | > | X-Priority: 3
    | > | X-MSMail-Priority: Normal
    | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    | > | X-RFC2646: Format=Flowed; Response
    | > | Message-ID: <u23XlH2#>
    | > | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | > | NNTP-Posting-Host: gw.deltek.com 63.72.155.97
    | > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
    | > | Xref: TK2MSFTNGXA02.phx.gbl
    | > microsoft.public.dotnet.framework.aspnet:363457
    | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    | > |
    | > | I don't think you would want to store things like that in session. If
    | > the
    | > | user timesout because they left for lunch, then come back and click
    | > | something they will have an empty cart because they will have a new
    | > session.
    | > |
    | > | Additionally, there is no way I know of to share data between two
    | > different
    | > | applications.
    | > |
    | > | Is there a reason this wouldn't all just be one application?
    | > |
    | > | Regardless, I recommend you store cart contents in a cookie or
    something
    | > so
    | > | you are not dependent on session state.
    | > |
    | > | "Joe" <> wrote in message
    | > | news:OB3GHF2%...
    | > | >I have an application which runs in a non-secure environment. I also
    | > have
    | > | >an application that runs in a secure environment (both on the same
    | > | >machine). Is there any way to share the session data for this?
    | > | >
    | > | > Most of the site allows the user to add things to a cart
    (non-secure),
    | > | > once they choose to check-out, I need this information which was
    | > stored
    | > in
    | > | > the session to be read by the payment page(secured).
    | > | >
    | > | > Hope this makes sense. It's probably not the best way to handle it.
    | > Any
    | > | > suggestions are more than welcome.
    | > | >
    | > | > Thanks,
    | > | > Joe
    | > | >
    | > |
    | > |
    | > |
    | >
    |
    |
    |
     
    Steven Cheng[MSFT], Dec 9, 2005
    #5
  6. Hey Joe,

    Any further progress? If anything else we can help, please feel free to
    post here.

    Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    --------------------
    | X-Tomcat-ID: 132683453
    | References: <OB3GHF2#>
    <u23XlH2#>
    <Gvc$$M6#>
    <e3Z01w8#>
    | MIME-Version: 1.0
    | Content-Type: text/plain
    | Content-Transfer-Encoding: 7bit
    | From: (Steven Cheng[MSFT])
    | Organization: Microsoft
    | Date: Fri, 09 Dec 2005 07:52:52 GMT
    | Subject: Re: Share session between secure and non-secure applications
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    | Message-ID: <huArYWJ$>
    | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | Lines: 133
    | Path: TK2MSFTNGXA02.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.dotnet.framework.aspnet:363797
    | NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
    |
    | Hi Joe,
    |
    | For SSL securing, based on my understanding , IIS server support
    | configuring the SSL protection setting(requiring secure channel) based on
    | virtual dir level( not application level). So you can put those two
    | applications into one asp.net application and in different sub folder.
    | Then, we can configure different ssl protection for them....
    |
    | Also, for data deleting when using sqlserver as backend data storage, we
    | may need to manually create a background service(using a background
    thread
    | to monitior and deleting expired data or using Sqlserver Agent's Job....)
    |
    | Thanks,
    |
    | Steven Cheng
    | Microsoft Online Support
    |
    | Get Secure! www.microsoft.com/security
    | (This posting is provided "AS IS", with no warranties, and confers no
    | rights.)
    |
    |
    | --------------------
    | | From: "Joe" <>
    | | References: <OB3GHF2#>
    | <u23XlH2#>
    | <Gvc$$M6#>
    | | Subject: Re: Share session between secure and non-secure applications
    | | Date: Thu, 8 Dec 2005 02:51:32 -0500
    | | Lines: 97
    | | X-Priority: 3
    | | X-MSMail-Priority: Normal
    | | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    | | X-RFC2646: Format=Flowed; Original
    | | Message-ID: <e3Z01w8#>
    | | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | | NNTP-Posting-Host: 69.37.58.70.adsl.snet.net 69.37.58.70
    | | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
    | | Xref: TK2MSFTNGXA02.phx.gbl
    | microsoft.public.dotnet.framework.aspnet:363576
    | | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    | |
    | | Hi Steve,
    | |
    | | I would like to use a single application but I don't see how I can do
    | that
    | | since there are two different locations (same machine though) for the
    | secure
    | | and non-secure pages.
    | |
    | | I was trying to use cookies like Marina suggested but these can't be
    | shared
    | | either.
    | |
    | | If I go the database route, how do I know when to delete the records?
    | |
    | | -Joe
    | |
    | | "Steven Cheng[MSFT]" <> wrote in message
    | | news:Gvc$$M6%...
    | | > Thanks for Marina's inputs.
    | | >
    | | > Hi Joe,
    | | >
    | | > For sessionState, different ASP.NET application can not share the same
    | | > sesstion storage (no matter what session mode it uses....). I'm also
    | | > wondering whether it possible that you combine the wo application
    into
    | one
    | | > single asp.net web application, that'll make share ASP.NET states
    quite
    | | > simple. In addition, if we do need to make those two application part
    | | > separated and share some datas, I think some other persistence
    storage
    | | > such
    | | > as database storage.....
    | | >
    | | > Thanks,
    | | >
    | | > Steven Cheng
    | | > Microsoft Online Support
    | | >
    | | > Get Secure! www.microsoft.com/security
    | | > (This posting is provided "AS IS", with no warranties, and confers no
    | | > rights.)
    | | > --------------------
    | | > | From: "Marina" <>
    | | > | References: <OB3GHF2#>
    | | > | Subject: Re: Share session between secure and non-secure
    applications
    | | > | Date: Wed, 7 Dec 2005 14:10:30 -0500
    | | > | Lines: 30
    | | > | X-Priority: 3
    | | > | X-MSMail-Priority: Normal
    | | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    | | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    | | > | X-RFC2646: Format=Flowed; Response
    | | > | Message-ID: <u23XlH2#>
    | | > | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | | > | NNTP-Posting-Host: gw.deltek.com 63.72.155.97
    | | > | Path:
    TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
    | | > | Xref: TK2MSFTNGXA02.phx.gbl
    | | > microsoft.public.dotnet.framework.aspnet:363457
    | | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    | | > |
    | | > | I don't think you would want to store things like that in session.
    If
    | | > the
    | | > | user timesout because they left for lunch, then come back and click
    | | > | something they will have an empty cart because they will have a new
    | | > session.
    | | > |
    | | > | Additionally, there is no way I know of to share data between two
    | | > different
    | | > | applications.
    | | > |
    | | > | Is there a reason this wouldn't all just be one application?
    | | > |
    | | > | Regardless, I recommend you store cart contents in a cookie or
    | something
    | | > so
    | | > | you are not dependent on session state.
    | | > |
    | | > | "Joe" <> wrote in message
    | | > | news:OB3GHF2%...
    | | > | >I have an application which runs in a non-secure environment. I
    also
    | | > have
    | | > | >an application that runs in a secure environment (both on the same
    | | > | >machine). Is there any way to share the session data for this?
    | | > | >
    | | > | > Most of the site allows the user to add things to a cart
    | (non-secure),
    | | > | > once they choose to check-out, I need this information which was
    | | > stored
    | | > in
    | | > | > the session to be read by the payment page(secured).
    | | > | >
    | | > | > Hope this makes sense. It's probably not the best way to handle
    it.
    | | > Any
    | | > | > suggestions are more than welcome.
    | | > | >
    | | > | > Thanks,
    | | > | > Joe
    | | > | >
    | | > |
    | | > |
    | | > |
    | | >
    | |
    | |
    | |
    |
    |
     
    Steven Cheng[MSFT], Dec 13, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marshal Antony

    How to share Cache between applications

    Marshal Antony, Nov 3, 2003, in forum: ASP .Net
    Replies:
    4
    Views:
    719
    Marshal Antony
    Nov 6, 2003
  2. Daniel Malcolm
    Replies:
    0
    Views:
    578
    Daniel Malcolm
    Jan 24, 2005
  3. asdf
    Replies:
    1
    Views:
    431
    DKode
    Feb 15, 2006
  4. hojmosen
    Replies:
    0
    Views:
    401
    hojmosen
    Aug 9, 2007
  5. Saraswati lakki
    Replies:
    0
    Views:
    1,415
    Saraswati lakki
    Jan 6, 2012
Loading...

Share This Page