tags:

views:

447

answers:

2
Q: 

How to maintain the same ASP session during a redirect to SSL?

I have a shopping cart website running classic ASP that needs help during the checkout process. When a user is ready to checkout, they are redirected to an SSL version of the site. 

Response.Redirect "https://mysecuresite.com/beginCheckoutProcess.asp"

When the jump occurs, the customer starts a new session when they arrive at the SSL version of the site. This means that the contents of their cart are lost, leaving them with a terrible experience on the site.

Is there a way to maintain the same ASP session across the jump to SSL?

A: 

Have you tried setting a cookie and storing it on both ends? Then you can recreate the session on the other end.

Daniel A. White  2009-04-18 13:46:25
+1  A: 

If you keep the subdomain same it'll just work.

dr. evil  2009-04-18 14:19:31
It looks like that was the case. Users were coming to our site without a www subdomain, and we were redirecting them to a hardcoded www subdomain SSL version of the site.Thanks!
Jeff Fritz  2009-04-18 17:45:36
welcome :), For the sake of security take a look at "secure cookies". Depends on the application you might want to implement that, so you can secure your SSL session.
dr. evil  2009-04-18 18:12:16

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.