You cant pass sessions (Cookies) between a secure and non-secure context. You will need to pass the data as a querystring (Or a reference to the data).
Dan -----Original Message----- From: Ben Timby [mailto:asp@;webexc.com] Sent: Tuesday, November 05, 2002 19:15 To: ActiveServerPages Subject: Sessions and HTTPS -> HTTP We have a site which uses HTTPS to protect a database login form. When the user logs in, we set a session var, and redirect them back to index.asp. The redirect drops the https:// from the url. This seems in a few cases to also drop the session var cookies from the browser. The problem is this. When the user logs in (the login form and handler are both secured), and is then redirected to the index.asp (which is not secured), they lose their session cookies. I grepped a user out of our IIS logs, and the session looks like this: Line 1:2002-11-04 0:47:39 ??.??.??.?? 443 POST /security/process_login.asp - 302 0 437 752 469 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDQGGGQFSQ=FIPMLLMCKDFCBFHNNINHENNI;+Image11=1017;+Image21=101 4;+Image31=1013 Line 2:2002-11-04 0:47:43 ??.??.??.?? 80 GET /index.asp - 200 0 0 548 156 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - As you can see the cookies are going away. I have not ever heard of this before, I however did find this discussion: http://w6.metronet.com/~wjm/tomcat/2000/Dec/msg00626.html But that does not make sense, because this site is working for the majority of users, and we have only gotten a couple reports of problems. Does anyone have any ideas? Ben Timby Webexcellence PH: 317.423.3548 x23 TF: 800.808.6332 x23 FX: 317.423.8735 [EMAIL PROTECTED] www.webexc.com --- You are currently subscribed to activeserverpages as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% _____________________________________________________________________ This e-mail has been scanned for viruses by the WorldCom Internet Managed Scanning Service - powered by MessageLabs. For further information visit http://www.worldcom.com _____________________________________________________________________ This e-mail has been scanned for viruses by the WorldCom Internet Managed Scanning Service - powered by MessageLabs. For further information visit http://www.worldcom.com --- You are currently subscribed to activeserverpages as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
