Saturday, March 24, 2012

Session Variable Values Across HTTP/HTTPS

It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.

Are session variables supposed to lose values across different domain names?

The www50.ssldomain.com is hosted by the same webhost. It's just how they
handle their SSL certificate.

Help! Thanks for any help.

Ken

Across domains? Yes. What happens, client side, is there are two server
cookies sent. This is quite normal and part of the "security" built into
browsers.

If you have a persistent store (database, for example), store values in the
database. On the same machine, you can sometimes get away with equivalent
machine keys, but cross domain is still a difficulty. The persistent store
overcomes this, as you can look up values as a user moves from site to site.
This is best if you go to cookieless authentication (which munges in the
session key).

--

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

"MisterKen" wrote:

> It appears that I'm losing values for session variables when I move from a
> page like http://www.my_site.com/catalog.aspx to
> https://www50.ssldomain.com/my_site/login.aspx and vice versa.
> Are session variables supposed to lose values across different domain names?
> The www50.ssldomain.com is hosted by the same webhost. It's just how they
> handle their SSL certificate.
> Help! Thanks for any help.
> Ken

Thanks for the clarification.

Do you know of a webpage that might demonstrate this?

"Cowboy (Gregory A. Beamer) - MVP" wrote:

> Across domains? Yes. What happens, client side, is there are two server
> cookies sent. This is quite normal and part of the "security" built into
> browsers.
> If you have a persistent store (database, for example), store values in the
> database. On the same machine, you can sometimes get away with equivalent
> machine keys, but cross domain is still a difficulty. The persistent store
> overcomes this, as you can look up values as a user moves from site to site.
> This is best if you go to cookieless authentication (which munges in the
> session key).
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
> ***************************
> Think Outside the Box!
> ***************************
>
> "MisterKen" wrote:
> > It appears that I'm losing values for session variables when I move from a
> > page like http://www.my_site.com/catalog.aspx to
> > https://www50.ssldomain.com/my_site/login.aspx and vice versa.
> > Are session variables supposed to lose values across different domain names?
> > The www50.ssldomain.com is hosted by the same webhost. It's just how they
> > handle their SSL certificate.
> > Help! Thanks for any help.
> > Ken
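
The cookie scoping discussed in this thread, as an added example that is not part of the original posts: a simplified JavaScript model of the browser's RFC 6265 domain-matching rules, run against the two host names from the question. `secure.my_site.com` is a hypothetical host and the cookie values are constructed; Path matching and public-suffix checks are left out.

```javascript
// Added example: minimal model of RFC 6265 cookie scoping (not a full cookie jar).
// Hosts come from the thread; "secure.my_site.com" is hypothetical.

// RFC 6265 section 5.1.3: host matches if identical or a dot-separated suffix.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie set by originHost. Returns false if the browser rejects it.
  set(originHost, name, value, attrs = {}) {
    const domain = attrs.domain ? attrs.domain.replace(/^\./, "") : null;
    // A server may only set cookies for its own host or a parent domain of it.
    if (domain && !domainMatch(originHost, domain)) return false;
    this.cookies.push({
      name, value,
      domain: domain || originHost,
      hostOnly: !domain,            // no Domain attribute: exact host only
      secure: Boolean(attrs.secure),
    });
    return true;
  }

  // Names of the cookies attached to a request for host over http or https.
  namesFor(host, isHttps) {
    return this.cookies
      .filter(c => c.hostOnly ? host.toLowerCase() === c.domain.toLowerCase()
                              : domainMatch(host, c.domain))
      .filter(c => !c.secure || isHttps)
      .map(c => c.name);
  }
}

function demo() {
  const jar = new CookieJar();
  // ASP.NET_SessionId is the default ASP.NET session cookie name; value is constructed.
  jar.set("www.my_site.com", "ASP.NET_SessionId", "constructed-id-1");
  return {
    sameHost: jar.namesFor("www.my_site.com", false),      // cookie sent
    sslHost: jar.namesFor("www50.ssldomain.com", true),    // nothing sent: new session
    crossSet: jar.set("www.my_site.com", "ASP.NET_SessionId", "x", { domain: "ssldomain.com" }),
    parentSet: jar.set("www.my_site.com", "shared", "y", { domain: "my_site.com" }),
    sibling: jar.namesFor("secure.my_site.com", true),     // only the Domain= cookie
  };
}
```

Because the request to `www50.ssldomain.com` carries no session cookie, the server there starts a fresh session, which is the loss of values described in the question.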
