Loading ...
Sorry, an error occurred while loading the content.

Re: How can I call the SessionID from SSL

Expand Messages
  • Josh Chamas
    ... You could try using SessionQueryParse and SessionQueryParseMatch and SessionQueryForce. HOWEVER, you shouldn t make this work. If you have session-id
    Message 1 of 2 , Feb 27, 2003
    • 0 Attachment
      Fernando Munoz wrote:
      > My application generates the session ID under HTTP (unencryted) and in some
      > point I need to take information that will be required using HTTPS (SSL
      > encrypted). I've noticed that my session ID changes when y change the
      > protocol. How can I keep/access the original Session ID (the one generated
      > under HTTP) under HTTPS?
      >

      You could try using SessionQueryParse and SessionQueryParseMatch
      and SessionQueryForce.

      HOWEVER, you shouldn't make this work. If you have session-id going
      over HTTP, it is not secure. If you made it work under HTTPS concurrently,
      then you would have a security problem with your application in that someone
      could packet sniff the session-id, and then walk in as that user into
      the "secure" part of your application.

      Therefore, make sure you do not have the same session being used
      across SSL & non-SSL HTTP pages.

      Regards,

      Josh
      ________________________________________________________________
      Josh Chamas, Founder phone:925-552-0128
      Chamas Enterprises Inc. http://www.chamas.com
      NodeWorks Link Checking http://www.nodeworks.com


      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    Your message has been successfully submitted and would be delivered to recipients shortly.