We have a site which uses HTTPS to protect a database login form. When
the user logs in, we set a session var, and redirect them back to
index.asp. The redirect drops the https:// from the url. This seems in a
few cases to also drop the session var cookies from the browser.
The problem is this. When the user logs in (the login form and handler
are both secured), and is then redirected to the index.asp (which is not
secured), they lose their session cookies. I grepped a user out of our
IIS logs, and the session looks like this:
Line 1:2002-11-04 0:47:39 ??.??.??.?? 443 POST
/security/process_login.asp - 302 0 437 752 469
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)
ASPSESSIONIDQGGGQFSQ=FIPMLLMCKDFCBFHNNINHENNI;+Image11=1017;+Image21=101
4;+Image31=1013
Line 2:2002-11-04 0:47:43 ??.??.??.?? 80 GET /index.asp - 200 0 0 548
156 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) -
As you can see the cookies are going away. I have not ever heard of this
before, I however did find this discussion:
http://w6.metronet.com/~wjm/tomcat/2000/Dec/msg00626.html
But that does not make sense, because this site is working for the
majority of users, and we have only gotten a couple reports of problems.
Does anyone have any ideas?
Ben Timby
Webexcellence
PH: 317.423.3548 x23
TF: 800.808.6332 x23
FX: 317.423.8735
[EMAIL PROTECTED]
www.webexc.com
---
You are currently subscribed to activeserverpages as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
