A possible workaround is to try to resend the cookie non-secure. I;ve never tried this and don't feel like thinking about the consequences at this second.
Or you can go no a non secure page first to have the session cookie created.
-Tim
Dan Forward wrote:
I have a web site that uses SSL on the main page for logging in (to encrypt the password) but uses standard HTTP on most pages thereafter. I set a value in the session that tells me the user is logged in and that value is checked on every page. If the value is not present, the application redirects the user to the login page. Oddly, the user has had to log in twice in this scenario. I have identified the problem, which I will describe below, but have not found a solution. Hopefully there is a configuration setting somewhere that will fix it.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
