My application generates the session ID under HTTP (unencryted) and in some point I need to take information that will be required using HTTPS (SSL encrypted). I've noticed that my session ID changes when y change the protocol. How can I keep/access the original Session ID (the one generated under HTTP) under HTTPS?
You could try using SessionQueryParse and SessionQueryParseMatch and SessionQueryForce.
HOWEVER, you shouldn't make this work. If you have session-id going over HTTP, it is not secure. If you made it work under HTTPS concurrently, then you would have a security problem with your application in that someone could packet sniff the session-id, and then walk in as that user into the "secure" part of your application.
Therefore, make sure you do not have the same session being used across SSL & non-SSL HTTP pages.
Regards,
Josh ________________________________________________________________ Josh Chamas, Founder phone:925-552-0128 Chamas Enterprises Inc. http://www.chamas.com NodeWorks Link Checking http://www.nodeworks.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
