|
|||||||||
|
|||||||||
|
|||||||||
 |
|||||||||
| |
||
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
|
|||||||||
| |
||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
ASP Free Forums Sponsor:
|
|
|
|
#1
May 29th, 2005, 04:46 PM
|
|||
|
|||
Session Problem
This is with ASP, not ASP.net. I find that session variables are maintained only in HTTPS mode. If I use the regular http or move from https to http, my session variable are lost and the sessionid changes. I have looked into misnaming of the server and domain and that is not the problem. I have looked into the alias possibility and that is not the problem. Nothing that Microsoft suggests works and I have not seen this anywhere else. Does anyone have an idea?
|
|
#2
May 29th, 2005, 10:19 PM
|
||||
|
||||
|
As a security issue, to prevent a glitch in the way IIS handles and stores SESSIONID's, the virtual folders in an HTTP site should have session handling turned off. This could be one possible cause. There could also be cache/session busting code in the page code, you could be moving between live(HTTP) and remote(HTTPS) sites, in which case the session state will not be maintained. Could you be more specific? Do sessions persist between HTTP pages? Is the session state only apparent when you switch between HTTP and HTTPS?
__________________
-
thought-after | my thoughts on web development Get Firefox, the developers browser Budget hosting - recommended [/left]
|
|
#3
May 30th, 2005, 02:30 AM
|
||||
|
||||
|
It sure sounds like your SSL server is physically separate from the normal server, and that the normal server doesn't have session state enabled.
__________________
Have I made your day? If so, please show your appreciation either by sending money  or the cheaper, preferred option of clicking on the scales icon at the top right of this posting. My reputation needs all the help it can get. 
|
|
#4
May 30th, 2005, 06:08 AM
|
|||
|
|||
|
celsius reply
Quote:
Thanks for your help. I am not moving from live(HTTP) and remote(HTTPS) sites. Sessions do not persist between HTTP pages. The session state only persists between HTTPS pages.
|
|
#5
May 30th, 2005, 06:13 AM
|
||||||
|
||||||
|
On the site or virtual directory that is not maintaining state, use IIS to check that it is allowed to maintain session state
Based on IIS 5 Right click on the item in question and then Properties -> Configuration -> Options And make sure that Enable Session State is checked
__________________
And he picked it all up... in his pick-up.  Friends of Shemzilla
|
|
#6
May 30th, 2005, 07:59 AM
|
|||
|
|||
|
session state
Quote:
Not so. I wish it were that simple.
|
|
#7
May 30th, 2005, 08:01 AM
|
|||
|
|||
|
session state II
Quote:
I wish it were that simple. I have checked this and it is enabled.
|
|
#8
May 30th, 2005, 08:29 AM
|
||||||
|
||||||
|
Are you using the same browser?
|
|
#10
May 30th, 2005, 08:58 AM
|
||||||
|
||||||
|
Do you have a 0 byte global.asa?
What happens if you use the IP Address to browse? Last edited by elijathegold : May 30th, 2005 at 09:00 AM.
|
|
#11
May 30th, 2005, 09:49 AM
|
||||
|
||||
|
The only thing I can think of that stops session persistence across HTTP pages when session state is enabled, is the disabling of javascript on the client, though this doesn't explain why sessions persist across HTTPS pages.
I take it that we're talking about a single non-SSL web server, not a load-balanced cluster.
|
|
#12
May 30th, 2005, 09:53 AM
|
|||
|
|||
|
0 global.asa
Quote:
Yes, I looked into both. Did what Microsoft suggested and eliminated the global.asa and also put in some vanilla stuff. Both failed. Works the same using IP. Go Figure.
|
|
#13
May 30th, 2005, 09:56 AM
|
|||
|
|||
|
Yes, not cluster
Quote:
Yes, it is not a load-balanced cluster. It does have a certificate of course. I guess my only recourse is to run everything as https.
|
|
#14
May 30th, 2005, 10:21 AM
|
||||
|
||||
|
Weird! But there has to be a logical explanation for this - you shouldn't have to resort to SSL to make it work.
Do you have another test server to try with the same pages and client? Are you convinced that javascript is enabled on the client? The asp pages don't have <%@ enablesessionstate=false%> at the start? (Clutching at straws here).
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
