[thelist] session and/or cookie persistence across an ssl and non-ssl connection

Scott Dexter sgd at ti3.com
Thu Jan 17 15:39:53 CST 2002


(thinking carefully)

The ASP session ids are cookies, and are above the SSL negotiation. So
they would persist across SSL and non-SSL connections to the same
application (provided you don't blow up the session or the client's ip
address changes --the same pitfalls with using ASP sessions in the first
place)

Is the SSL site a different web site from the non-SSL? (e.g. in the MMC
they are two different sites) No? Should be good to go....

Or am I missing some details?

sgd
--
work: http://ti3.com/
non: http://thinksafely.org/ 

> -----Original Message-----
> From: Chris Blessing [mailto:webguy at mail.rit.edu] 

> Once again I have a question for the list.  I'm using session 
> variables in
> ASP to store a few pieces of information about users on our 
> site.  It's

> when critical.  Anyhow, what I have to do is get these 
> sessions which are
> created on our SSL (https) site to persist across to our non-SSL site.
> These sites are hosted on the same machine, same IP, same 
> hostname.  The
> only difference is the protocol.
> 




More information about the thelist mailing list