clients are redirected to
http://www.mysite.com/mypage.asp
This works fine for all but 1 client. He looses a session during the
redirect. Apparently his browser interprets https:// and http:// as
different domains.
I have a website that has a asp secured members only aria that keeps session variables to check if someone is logged in or not (if session variables are not there then redirect to logon screen) but I also have non members aria and I need a way of asking the user if they want to move away from the members only area or go back to it. I have used an asp to find out if the page is a non member page and if there is a session variable there.
If there is a session variable and is a non member page then I use JavaScript to bring up a confirm box that if the cancel button is pressed then it goes back a page. The problem is that when you go back a page the session variable gets lost. Dose anyone know how to solve this problem or a better way of doing this?
I'm trying to detect if the user is utilizing HTTP or HTTPS in the address bar. The following code responds true regardless of whether I use HTTP or HTTPS. What should I be using? In the end, if the user types in HTTP, I will redirect them to HTTPS.
<% If Request.Servervariables("https") <> "" Then Response.Write "this is https...OK!!!" End If %>
I have a site that requires a checkout process. THe checkout process occurs in the secure server. I need to pass session variables from one server to the next.
I've integrated a secure certificate into my e-commerce site. However, when I forward people to the account log-in area (https) all of the relative links on the page obviously then point to http://www.mydomain/homepage for example.
How do I do what Dabs do, and redirect these links back to non-secure pages, without hard-coding all links as full URLs?
I wish to have a web site that has most of the pages as normal HTTP pages but has some areas that use HTTPS. I want to have it that if a user selects a link to a HTTPS page that they go there an there Session Information is kept. I also wish to have the pages switch automatically to HTTPS if a visitor types the URL without the HTTPS. So my questions are: 1) How to redirect to a Secure Page without losing Session Info? 2) How to test if page is accessed by HTTPS, and if not switch to HTTPS quickly?
I think something like this code is what I want but how do I do it.
<% if not "HTTPS" then response.redirect(https://mysite.com/securepage.asp) end if %>
I got the code off of a website and found that many web sites had similar code for doing the same thing. The problem I am having is that the code will not redirect to the HTTPS and will keep reloading the page. Is there a setup issue with IIS that I might be missing?
Just to explain what's going on briefly... I've added an include to the top of all files on our site (this code is pasted below) to check IP address, and then some pages will display slightly different content for our Canadian or US customers.
This works fine in Firefox. However, in IE, when a Canadian visitor comes it doesn't display canadian content on the http version of any page. Once they go to a https page, it works just fine. After that, if they go back to an http page it still displays properly. Code:
my site apears to be loosing its session variable because it uses dynamically created absolute links. but because the user could have entered the site using any of 4 domains the links might change the domain.
So the user sees no difference but the cart has lost its session. firstly, is this possible? Secondly can I determin the url used to find the site and use that in the dynamic links?
I allways loose the Sessionvariables in my asp-pages (I'm using IIS5.0 with Visual Interdev 6.0).
For Example: when i create a startpage.asp, and type > Session("PersonalNr") = 456 < he cant remember this value on another page.
when i query this value (for example in endpage.asp):
Response.Write(Session(("PersonalNr")), i get the value 0, because the session will be restarted (The function "Session_OnStart" will be called again in the global.asa file)
I have a problem with my asp code on an iis 6.0 server on windows 2003 web. When I redirect between to asp pages on my web-site, where pageA is in a different virtual directory from pageB the session variables value a lost. I know that it is the session ID there increases. (New session).
If I make the same call in the same virtual directory the session variables is not lost. Is it some thing about different application pools? If sow, how can I join two or more application pools regarding to session variables? If not is there a none coding work around.
I have a project in which I'm trying to embed one site, that uses session stored variables, inside an IFRAME in another site (which for that matter doesn't even use sessions).
Problem is, that it doesn't always save the session. When I try to access it from some computers, I have no problem, the session variable is stored and I can browse the site in the IFRAME and everything's ok, but on other computers, the session variable value simply disappears.
To simulate the situation, assume that the two following html trees are the site that goes into the IFRAME: Code:
currently i working on project in asp, i done everything in my own company server and eveyrthing works fine, when i migrate to customer place server, eveyrthing also working fine, but the only thing doesnt work is session variable, i totally cant get my session variable in the customer place's server. Server in my company and my client is the same, window 2003 server, iis 6.
Is there any way in ASP to catch a destroyed session when the user closes their window.
Example.
When a user enters a page, I create a session - Session("blah")="blah" . However when the window is closed, the session is destroyed, but before it's being destroyed, I want to some things.
I have an mypage.asp page with a button, one can access this page only
if Session("smth") = 1. There is also an empty iframe in this page (src is not specified). When I click the button I will fill the iframe with a page (src = 'another.asp').
For security reasons I check the login session in another.asp and Session("smth") is empty no matter I have logged before.
In mypage.asp Session("smth") is still on and its value is 1 but it looks like it gets lost in the iframe.
To better manage our secure site we just separated the registration and checkout sections of our web into separate virtual directories. These new virtual directories are on the same server as the primary eCommerce website. This is an ASP site (not asp.net). When this version goes into production it will be on a 2003 server (IIS 6) with a SQL Server backend (located on a different server). Now when the main server passes control to one of the new virtual webs the session information is lost. I'm having problems finding information on the web as to how to maintain this information between the web and virtual directories. It's imperative that this information remain secure so query strings or anything that would pass visible data is not an option.
I have a normal login page that (upon clicking submit) checks whether you are part of a particular office and then redirects the user to their particular office's webserver.
The problem i am having is that when i redirect a user, to a securewelcome page, they lose their session variables causing them to have to login again. What am i doing wrong to make these variables get lost in the redirect? Is it because i am redirecting to a different webserver?
I have built a site that works/worked absolutely fine on my test server. When I transferred it to a remote web host (the intended permanent home of the site) something very worrying keeps happening to my site.
I use, as is the norm, session variables to store login information. At the top of each page I do a check that Session("isLoggedIn") = "True", and if not then the system logs them back out.
The serious problem is that once you have logged into the site, the next page you try to open it fails the above check and logs you out! Obviously Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged in. So basically the session variables are getting lost/cleared. This makes my site unusable, and is a disaster for it unless I can get a solution.
Windows 2000 Server SP3 IIS 5.0 NET FRAMEWORK 1.1 SP1
SessionState="InProc"
Antivirus deactivate
No changes on main files (web.config, machine.config, in)
No exist Active Directory (changes in ACL are not exist)
In machine.config LogLevel="All"
No events registered in Event Viewer.
aspnet_wp.exe not recycled never.
Scenario: Web site accessed by multiple users at the same time. Some user data are stored in a session variables. Randomly one user view data of another user.
My ASP page 1 redirect user to third party's website, after the process at third party is finished, in 3rd party's page, there is one link to route user back to my website: ASP page2.
As the user do all of these actions in the same browser, I expect the user's session variables to be kept, But the seesion variable are lost.
I get this error when I try to load my site, "default.asp", or any ASP file really. This error comes up inexplicably, once every month or two. I cannot seem to regain access to the site until IIS is restarted. The error is probably caused by something I'm doing in my script, and it seems to be server side in nature.
Has anyone encountered this error before?Does anyone know what would cause this?I'd be happy to offer more information about the server, and/or my script, but I am not very intimate with the server as it is administrated at a remote location by someone else, and I really don't know where to start looking in my script. The web site functions flawlessly for a month or two before this error comes up.
I'm writing an application to authenticate a user using a challenge response mechanism. The client and server components of the application talk over HTTP.
I would like to use an ASP session object to hold a random number on the server. The code to store the number is written as part of a VB web class.
When I read the http header returned from my server, I can't see the session cookie. Why is this? If I create a normal cookie as part of my web class, it is returned correctly within the header.
I am using HttpQueryInfo the read the header as follows:
I have a Win 2003 SP1 with IIS 6 and host about 40 websites, most of them useing ASP/VB with access databases. The server is a Dell Dual 2.4Ghz XEON with 512Mb Ram.
Every few days I get the error 'HTTP/1.1 New Session Failed' and the server stops showing the sites. It comes right after a bit and then the error comes back. I have separed the sites into 10 per application pool but it still does it. Occassionally it will actually look like it is working but the sessions just keep resetting and the users get logged out every 2 or 3 minutes.
There is a hotifx 838306 which according to MS is in SP1 but according to everyone else, is NOT. It wont install on SP 1 because it needs another hotfix first (837001), which will not install because there is a later version of the 2nd hotfix in SP1. Catch 22!
So my solution is to set up my server to reboot every night at 2am. That keeps it going.... barely.
People keep saying you don't need to reboot, just recycle the app pools. Well that does not fix anything, only a cold reboot solves the problem... for a few hours anyway.
I find that all the values of the session variables i have created is empty when i use https. I am sucessfully able to use these session variables in the other pages that does not use https. While making a shopping cart and using https for checkout process. What is the best method to retrieve cart values like item, total etc. Currently i'm using session to access these values in different pages during checkout but the problem is what i have mentioned above when i use https. What method do u prefer and how does it work?.
I have a question regarding https and SSL between two web sites. I am not quit understand how asp application can handle https, encryption and SSL. Here is scenario: An asp application on my web site requires to get form data from web client and to convert the data with XML format and send the data to another web site which only accepts https protocol. If my site needs to receive information from the remote web site, then I know a digital certificate needs to be installed on my side. and https configuration needs to be implemented on local web server. However, if all of local side need to do is to send data to remote web server with data encrypted, do I still need to install digital certificate and enable https on local web server? If not, how can I encrypt data with the the certificate so it can be accepted by remote server and be decoded by remote server side?
I'm in a non-secure page (http). When I click on a submit button, I'm about to enter the secure page (https). But I got the popup saying that I'm about to enter a non-sercure page, wanna continue(yes,no).
If I click YES, it take me to "https" page. This doesn't make any sense at all.
I'm working on an e-commerce site and we've just purchased a secure certificate to transmit a shopping cart to the payment gateway without fear of tampering.
Question is, should the whole site be built on https:// or should only the form which posts to the payment gateway be secure?
I have enforced SSL connections on my website to make it secure. My problem is if the users go to http://wesite-url they get an error message saying:The page must be viewed over a secure channel
The page you are trying to view requires the use of "https" in the address.
Instead of showing this error page, I want to automatically redirect them to https://website-url. Is it possible?? Do I need to to program this in gloabal.asa?
I am developing an application over the web(intranet app). Now my problem has to do with secure communication between browser and webserver. I want to enable secure communication using https. Are there any alternatives other than buying certificate for virtual directory ?