I can't seem to find again where this cookie is placed by IIS. Can someone
quickly respond with its location. Thank you.
Also, does anyone know if this system created cookie has the same attribute
of SECURE as does a developer created cookie? I know it's read only but how
can I secure it. I'm using 128 SSL in addition.
It was recently brought to my attention that a cookie that gets set for access to our intranet is being appended with ASPSESSIONIDSCBRRTTR followed by a long string of random characters and no one seems to know who or what is setting this.
Can anyone provide me with some insight? Is this an automatic ASP or IIS function or is it something to be concerned about?
How do you change the ASPSessionID during a web session? I have an ASP
application in SSL. The first screen is a login screen, which requests user
id and password. An ASPSessionID is assigned for this page. Once the user
is authenticated by valid id/pwd, the second page starts the real
applicaiton. I want to change the ASPSessionID to be different from the
first login page, which was issued to an unauthenticated user. How do I do
that in ASP?
I have code written in VBScript that accepts a POST submission from an external server to perform an auto-login to our website. I am experiencing an issue with Internet Explorer ONLY that I have determined using Fiddler.
The problem is that when I POST to this page, I need to set a few session variables that are passed on to the following page after logging in. But using fiddler, I have realized that for some reason, in IE, the "Set-cookie" statement in the headers is never acted on by the server. On all following pages the "set-cookie" header is sent on every page, but the ASP SESSION header is never set that indicates the session was started.
If I do the same test in Firefox, it works perfectly fine, no problem. So it seems IE is the issue.
One other fairly important piece of the problem appears to be that the external server that is initiating the POST submission is running Java, so when the user is on the external server their browser is maintaing a JSESSIONID value. But when they submit the POST form over to our server, the Set-Cookie directive is trying to set an ASPSESSIONID, which is never accepted by the browser...
So is it possible that for some reason IE is not able to handle a user coming from a JSESSIONID over to an ASPSESSIONID?
I need to somehow work around this, or somehow force the ASPSESSIONID to kick in, because it is critical that I can set session variables for use on later pages.
I am using the XMLHTTP object to request a page from within another ASP page. For my scenario, the two pages should operate in the same session. However, when I request the second page, a new session is created. This makes sense since it is coming from a different client (the XMLHTTP object as opposed to my browser).
I've tried to pass the ASPSESSIONID cookie along with the XMLHTTP post, but every time I pass the valid cookie, the XMLHTTP request times out.
Has anyone experienced anything similar to this? Is what I am trying to accomplish even possible?