HTTPS -> HTTP Lost Session
if a URL is
https://www.mysite.com/mypage.asp
clients are redirected to
http://www.mysite.com/mypage.asp
This works fine for all but 1 client. He looses a session during the
redirect. Apparently his browser interprets https:// and http:// as
different domains.
View Replies
ADVERTISEMENT
I have a website that has a asp secured members only aria that keeps session variables to check if someone is logged in or not (if session variables are not there then redirect to logon screen) but I also have non members aria and I need a way of asking the user if they want to move away from the members only area or go back to it. I have used an asp to find out if the page is a non member page and if there is a session variable there.
If there is a session variable and is a non member page then I use JavaScript to bring up a confirm box that if the cancel button is pressed then it goes back a page. The problem is that when you go back a page the session variable gets lost. Dose anyone know how to solve this problem or a better way of doing this?
View Replies
View Related
I'm trying to detect if the user is utilizing HTTP or HTTPS in the address
bar. The following code responds true regardless of whether I use HTTP or HTTPS.
What should I be using? In the end, if the user types in HTTP, I will
redirect them to HTTPS.
<%
If Request.Servervariables("https") <> "" Then
Response.Write "this is https...OK!!!"
End If
%>
View Replies
View Related
I have a site that requires a checkout process. THe checkout process occurs in the secure server. I need to pass session variables from one server to the next.
View Replies
View Related
I've integrated a secure certificate into my e-commerce site. However, when I forward people to the account log-in area (https) all of the relative links on the page obviously then point to http://www.mydomain/homepage for example.
How do I do what Dabs do, and redirect these links back to non-secure pages, without hard-coding all links as full URLs?
View Replies
View Related
I wish to have a web site that has most of the pages as normal HTTP pages
but has some areas that use HTTPS. I want to have it that if a user selects
a link to a HTTPS page that they go there an there Session Information is
kept. I also wish to have the pages switch automatically to HTTPS if a
visitor types the URL without the HTTPS. So my questions are:
1) How to redirect to a Secure Page without losing Session Info?
2) How to test if page is accessed by HTTPS, and if not switch to HTTPS
quickly?
I think something like this code is what I want but how do I do it.
<%
if not "HTTPS" then
response.redirect(https://mysite.com/securepage.asp)
end if
%>
View Replies
View Related
I am using the following code in my default.asp page to redirect the page
from HTTP to HTTPS
<%
if Request.ServerVariables("HTTPS") = "off" Then
Response.Redirect("https://" & Request.ServerVariables("HTTP_HOST") &
Request.ServerVariables("URL"))
End if
%>
I got the code off of a website and found that many web sites had similar
code for doing the same thing. The problem I am having is that the code
will not redirect to the HTTPS and will keep reloading the page. Is there a
setup issue with IIS that I might be missing?
View Replies
View Related
Just to explain what's going on briefly... I've added an include to the top of all files on our site (this code is pasted below) to check IP address, and then some pages will display slightly different content for our Canadian or US customers.
This works fine in Firefox. However, in IE, when a Canadian visitor comes it doesn't display canadian content on the http version of any page. Once they go to a https page, it works just fine. After that, if they go back to an http page it still displays properly. Code:
View Replies
View Related
my site apears to be loosing its session variable because it uses dynamically created absolute links. but because the user could have entered the site using any of 4 domains the links might change the domain.
So the user sees no difference but the cart has lost its session. firstly, is this possible? Secondly can I determin the url used to find the site and use that in the dynamic links?
View Replies
View Related
I allways loose the Sessionvariables in my asp-pages (I'm using IIS5.0 with
Visual Interdev 6.0).
For Example: when i create a startpage.asp, and type > Session("PersonalNr")
= 456 < he cant remember this value on another page.
when i query this value (for example in endpage.asp):
Response.Write(Session(("PersonalNr")), i get the value 0, because the
session will be restarted (The function "Session_OnStart" will be called
again in the global.asa file)
Does anyone know why ?
View Replies
View Related
I have a problem with my asp code on an iis 6.0 server on windows 2003
web. When I redirect between to asp pages on my web-site, where pageA is
in a different virtual directory from pageB the session variables value
a lost. I know that it is the session ID there increases. (New session).
If I make the same call in the same virtual directory the session
variables is not lost. Is it some thing about different application
pools? If sow, how can I join two or more application pools regarding
to session variables? If not is there a none coding work around.
View Replies
View Related
What could the likely cause of a session value being lost when one navigates
to another page and attempts to write that session out:
Page 1
session("u_name") = oRS.fields("u_name")
Navigate to Page 2
Response.write Session("u_name")
....."_name" seems to be empty on Page 2.
What am I doing wrong here?
View Replies
View Related
I have a project in which I'm trying to embed one site, that uses
session stored variables, inside an IFRAME in another site (which for
that matter doesn't even use sessions).
Problem is, that it doesn't always save the session. When I try to
access it from some computers, I have no problem, the session variable
is stored and I can browse the site in the IFRAME and everything's ok,
but on other computers, the session variable value simply disappears.
To simulate the situation, assume that the two following html trees are
the site that goes into the IFRAME: Code:
View Replies
View Related
currently i working on project in asp, i done everything in my own company server and eveyrthing works fine, when i migrate to customer place server, eveyrthing also working fine, but the only thing doesnt work is session variable, i totally cant get my session variable in the customer place's server. Server in my company and my client is the same, window 2003 server, iis 6.
View Replies
View Related
Is there any way in ASP to catch a destroyed session when the user closes their window.
Example.
When a user enters a page, I create a session - Session("blah")="blah" . However when the window is closed, the session is destroyed, but before it's being destroyed, I want to some things.
View Replies
View Related
I have an mypage.asp page with a button, one can access this page only
if
Session("smth") = 1.
There is also an empty iframe in this page (src is not specified).
When I click the button I will fill the iframe with a page (src =
'another.asp').
For security reasons I check the login session in another.asp and
Session("smth") is empty no matter I have logged before.
In mypage.asp Session("smth") is still on and its value is 1 but it
looks like it gets lost in the iframe.
Any idea why and how to fix this issue?
View Replies
View Related
To better manage our secure site we just separated the registration and
checkout sections of our web into separate virtual directories. These new
virtual directories are on the same server as the primary eCommerce website.
This is an ASP site (not asp.net). When this version goes into production it
will be on a 2003 server (IIS 6) with a SQL Server backend (located on a
different server).
Now when the main server passes control to one of the new virtual webs the
session information is lost. I'm having problems finding information on the
web as to how to maintain this information between the web and virtual
directories. It's imperative that this information remain secure so query
strings or anything that would pass visible data is not an option.
View Replies
View Related
I have a normal login page that (upon clicking submit) checks whether you are part of a particular office and then redirects the user to their particular office's webserver.
The problem i am having is that when i redirect a user, to a securewelcome page, they lose their session variables causing them to have to login again. What am i doing wrong to make these variables get lost in the redirect? Is it because i am redirecting to a different webserver?
View Replies
View Related
I have built a site that works/worked absolutely fine on my test server. When I transferred it to a remote web host (the intended permanent home of the site) something very worrying keeps happening to my site.
I use, as is the norm, session variables to store login information. At the top of each page I do a check that Session("isLoggedIn") = "True", and if not then the system logs them back out.
The serious problem is that once you have logged into the site, the next page you try to open it fails the above check and logs you out! Obviously Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged in. So basically the session variables are getting lost/cleared. This makes my site unusable, and is a disaster for it unless I can get a solution.
View Replies
View Related
Windows 2000 Server SP3
IIS 5.0
NET FRAMEWORK 1.1 SP1
SessionState="InProc"
Antivirus deactivate
No changes on main files (web.config, machine.config, in)
No exist Active Directory (changes in ACL are not exist)
In machine.config LogLevel="All"
No events registered in Event Viewer.
aspnet_wp.exe not recycled never.
Scenario:
Web site accessed by multiple users at the same time. Some user data are
stored in a session variables. Randomly one user view data of another
user.
It ocurrs in two different machines.
What can be?
View Replies
View Related
I have a web site where once a user has logged on I store their MemberID in a global variable in the global.asa file.
Then in other pages I find out which member I am dealing with by looking at this variable, ie:
<%
Private lgMemberID
lgMemberID = Session.Contents("MemberID")
%>
I then use this variable to query a database... Code:
View Replies
View Related
My ASP page 1 redirect user to third party's website,
after the process at third party is finished, in 3rd
party's page, there is one link to route user back to my
website: ASP page2.
As the user do all of these actions in the same browser, I
expect the user's session variables to be kept, But the
seesion variable are lost.
View Replies
View Related
I get this error when I try to load my site, "default.asp", or any ASP file really. This error comes up inexplicably, once every month or two. I cannot seem to regain access to the site until IIS is restarted. The error is probably caused by something I'm doing in my script, and it seems to be server side in nature.
Has anyone encountered this error before?Does anyone know what would cause this?I'd be happy to offer more information about the server, and/or my script, but I am not very intimate with the server as it is administrated at a remote location by someone else, and I really don't know where to start looking in my script. The web site functions flawlessly for a month or two before this error comes up.
View Replies
View Related
I'm writing an application to authenticate a user using a challenge
response mechanism. The client and server components of the
application talk over HTTP.
I would like to use an ASP session object to hold a random number on
the server. The code to store the number is written as part of a VB
web class.
When I read the http header returned from my server, I can't see the
session cookie. Why is this? If I create a normal cookie as part of
my web class, it is returned correctly within the header.
I am using HttpQueryInfo the read the header as follows:
blnReturn = CBool(HttpQueryInfo(hOpenRequest, HTTP_QUERY_RAW_HEADERS,
ByVal strBuffer, Len(strBuffer), 0))
View Replies
View Related
I have a Win 2003 SP1 with IIS 6 and host about 40 websites, most of
them useing ASP/VB with access databases. The server is a Dell Dual 2.4Ghz
XEON with 512Mb Ram.
Every few days I get the error 'HTTP/1.1 New Session Failed' and the server
stops showing the sites. It comes right after a bit and then the error comes
back. I have separed the sites into 10 per application pool but it still does it.
Occassionally it will actually look like it is working but the sessions just
keep resetting and the users get logged out every 2 or 3 minutes.
There is a hotifx 838306 which according to MS is in SP1 but according to
everyone else, is NOT. It wont install on SP 1 because it needs another
hotfix first (837001), which will not install because there is a later
version of the 2nd hotfix in SP1. Catch 22!
So my solution is to set up my server to reboot every night at 2am. That
keeps it going.... barely.
People keep saying you don't need to reboot, just recycle the app pools.
Well that does not fix anything, only a cold reboot solves the problem... for
a few hours anyway.
View Replies
View Related
i'm using windows XP, IIS 5.1, Visual .NET 2003 and SQL Server 2000.
When I open New Project - Visual C# Projects - ASP .NET Web Service -
Location : http://localhost/WebService1
After that i click OK, then it returns error
"The web server reported the following error when
attempting to create or open the web project
located at the following
URL:'http://localhost/WebService1. HTTP/1.1 302 Found"
After that i try this : Code:
View Replies
View Related
I find that all the values of the session variables i have created is empty when i use https. I am sucessfully able to use these session variables in the other pages that does not use https.
While making a shopping cart and using https for checkout process. What is the best method to retrieve cart values like item, total etc. Currently i'm using session to access these values in different pages during checkout but the problem is what i have mentioned above when i use https. What method do u prefer and how does it work?.
View Replies
View Related
I have a question regarding https and SSL between two web
sites. I am not quit understand how asp application can
handle https, encryption and SSL. Here is scenario:
An asp application on my web site requires to get form
data from web client and to convert the data with XML
format and send the data to another web site which only
accepts https protocol.
If my site needs to receive information from the remote
web site, then I know a digital certificate needs to be
installed on my side. and https configuration needs to be
implemented on local web server.
However, if all of local side need to do is to send data
to remote web server with data encrypted, do I still need
to install digital certificate and enable https on local
web server? If not, how can I encrypt data with the the
certificate so it can be accepted by remote server and be
decoded by remote server side?
View Replies
View Related
I'm in a non-secure page (http). When I click on a submit button, I'm about to enter the secure page (https). But I got the popup saying that I'm about to enter a non-sercure page, wanna continue(yes,no).
If I click YES, it take me to "https" page. This doesn't make any sense at all.
View Replies
View Related
I'm working on an e-commerce site and we've just purchased a secure certificate to transmit a shopping cart to the payment gateway without fear of tampering.
Question is, should the whole site be built on https:// or should only the form which posts to the payment gateway be secure?
View Replies
View Related
I need to implement in my site the HTTPS. But I don't know anything about
this. Can someone help me or give me a way to learn about it?
View Replies
View Related
I have enforced SSL connections on my website to make it secure. My problem is if the users go to http://wesite-url they get an error message saying:The page must be viewed over a secure channel
The page you are trying to view requires the use of "https" in the address.
Instead of showing this error page, I want to automatically redirect them to https://website-url. Is it possible?? Do I need to to program this in gloabal.asa?
View Replies
View Related
I am developing an application over the web(intranet app). Now my problem
has to do with secure communication
between browser and webserver. I want to enable secure communication using
https. Are there any alternatives other than buying certificate for virtual
directory ?
View Replies
View Related