Stefan
At 12:21 AM 9/5/2003 -0700, you wrote:
If this is the case then you could force the new session cookie to use the non-ssl UserReference by forcing the _UserReference passed as a search arg into the ssl session cookie by the following
<@ASSIGN Witango_UserReference VALUE=<@ARG _UserReference> SCOPE=COOKIE> Do this as the First code encountered
this would re-establish the link.
Though I could see where change the precedence could have a profound effect
Ben Johansen - http://www.pcforge.com -Authorized WiTango Reseller http://www.pcforge.com/WitangoGoodies.htm -Authorized Alt-N Reseller http://www.pcforge.com/AltN.htm
-----Original Message----- From: Stefan Gonick [mailto:[EMAIL PROTECTED] Sent: Thursday, September 04, 2003 8:31 PM To: [EMAIL PROTECTED] Cc: Robert Shubert Subject: Re: Witango-Talk: Critical Issue
I think that the key here is you said that you are losing the session as you go from non-ssl to ssl. Prior to version 062, the user reference in the search args was given priority over the session cookie. This worked great for switching to ssl. In version 062, the session cookie takes precedence. Bob Shubert can explain this better, but switching to ssl only works if the user hasn't been there before in which case there is no session cookie and the user ref search arg establishes the session. If the user goes back and forth in some way (this is where Bob needs to step in) there can be a different cookie on the ssl URL and, therefore, different user sessions.
Damn, it sounded so clear when Bob explained it, but it's coming out muddled now. I hope that he comes in and clarifies this, but I think that I'm on the right track.
Stefan
At 07:13 PM 9/4/2003 -0400, you wrote: >I have a recent issue with a site > >Witango server V5.062 windows 200 server. > >Intermittently the session is lost ( I boot them out if the user variable we >need is not present. > >Rest assured we pass userreferance arguments everywhere and I mean >everywhere. > >We also pass a random number between 100,000 and 1,000,000,000 > >We also do everything you can with the headers and IIS to force new pages. > >Prior to going to V5.062 it seemed the only time session was lost was when >we might expect it. Improper use of back buttons and refreshes after logout. > >But in the last two weeks we are seeing loss of session when moving between >the HTTP site and HTTPS. > >The directory does not change just the SSL > >It is intermittent. When it happens it seems to last about 2 hours and >effect most but not all people. > >It resolves by itself. > >I even created a small simple taf that just tests it by printing my name as >a user variable to the page. > >When it is happening the test file confirms the loss of session. When it is >not all works fine. > >When you are booted out the same user reference number comes up no matter >who it happens to and it is a number that was fist used about 2 weeks ago >from what I see in the logs. > >So... I stop the service and deleted the file in the Witango Server variable >cache directory and then restarted the server. > >I submitted the file with my bug report. > >Does this sound like what other people were seeing on the list? > >Does removing the file fix the problem? > >Does it re occur? > >Has anyone heard back from customer support? > >This is my biggest client so this is a serious major problem. >-- >Dan Stein >Digital Software Solutions >799 Evergreen Circle >Telford PA 18969 >Land: 215-799-0192 >Mobile: 610-256-2843 >Fax 413-410-9682 >FMP, WiTango, EDI,SQL 2000 >[EMAIL PROTECTED] >www.dss-db.com > > >________________________________________________________________________ >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
======================================================== Database WebWorks: Dynamic web sites through database integration http://www.DatabaseWebWorks.com
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
========================================================
Database WebWorks: Dynamic web sites through database integration
http://www.DatabaseWebWorks.com
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
