[thelist] session and/or cookie persistence across an ssl and non-ssl connection
Scott Dexter
sgd at ti3.com
Thu Jan 17 15:39:53 CST 2002
(thinking carefully)
The ASP session ids are cookies, and are above the SSL negotiation. So
they would persist across SSL and non-SSL connections to the same
application (provided you don't blow up the session or the client's ip
address changes --the same pitfalls with using ASP sessions in the first
place)
Is the SSL site a different web site from the non-SSL? (e.g. in the MMC
they are two different sites) No? Should be good to go....
Or am I missing some details?
sgd
--
work: http://ti3.com/
non: http://thinksafely.org/
> -----Original Message-----
> From: Chris Blessing [mailto:webguy at mail.rit.edu]
> Once again I have a question for the list. I'm using session
> variables in
> ASP to store a few pieces of information about users on our
> site. It's
> when critical. Anyhow, what I have to do is get these
> sessions which are
> created on our SSL (https) site to persist across to our non-SSL site.
> These sites are hosted on the same machine, same IP, same
> hostname. The
> only difference is the protocol.
>
More information about the thelist
mailing list