Keeping a login state when moving between http and https


  1. #1

    Re: Keeping a login state when moving between http and https

    Big apols.

    I posted this in the general one when I think I should have posted it in
    this one as it is more relevant. Please don't berate me!

    Rgds Rob

    =======================

    Hi All

    I've noticed on quite a few ASP sites that when they have a 'MyAccount'
    section they transfer the site to https and then when you have logged into
    your account successfully and gone back to the majority of the site you move
    back to http whilst still being logged in.

    I've used the Session var method before to check if a user can have access
    to pages, but how on earth can I keep a handle on this when I flip the user
    between my standard http to my https sites (and vice versa) when this
    effectively loses the Session var (and cookie values for that matter).

    If I have to post certain data between the sites then surely this causes
    some kind of security breach.

    Would I have to do the following:

    1) On https, user enters their login and password.

    2) These details are valid so I flag a session var on the https to say that
    they can order stuff, look at certain pages, etc.

    3) When the user clicks one of the page links back to say a Contact us
    (http) page then this link must contain the username and password that they
    entered.

    4) Now that they are back in the http world, I do another DB query to
    validate these details and set a session var in the http.

    The above seems very messy for 2 reasons:

    1) On the https pages I need to build the username/password into every
    single visible link that goes back to the http so that I can trap what the
    user is going to click on to go back.

    2) The session var timeouts for the http and https are going to be out of
    sync because the user might be looking at their account for say 5 mins under
    https and then go back to the http.

    I'm using 1 x MySQL db for my data, cart and to hold the login info.

    If anybody has had this problem before and found a way round it, could you
    please give me some pointers.

    Thanks

    Rob



    Astra Guest

  3. #2

    Keeping a login state when moving between http and https

    Hi Guys

    Any ideas on this???

    Rgds

    Rob





    Astra Guest

  4. #3

    POSSIBLE ANSWER?? - Keeping a login state when moving between http and https

    OK, OK what about if when they login I set a flag in the DB (only common
    factor between the http and https) to say that they are in and then to try
    and trap them leaving I use the session or application ends event to unflag
    the login.

    Any good?

    If so, how do I mod this session/application_on end value?

    It only appears to be accessible to people who have their own server rather
    than me who has an ISP to host my pages.

    Rgds

    Robbie







    Astra Guest
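
One way to realise the shared-database idea from post #3 without a Session_OnEnd handler, as an added example that is not part of the original thread. It assumes Python with sqlite3 standing in for the shared MySQL database; the table, function names and timeout are hypothetical. Login issues two random tokens, so links back to http carry no username or password, and idle expiry is checked in the database on each request from either site.

```python
import hashlib
import secrets
import sqlite3

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value, one timeout for both sites

def open_db():
    # sqlite3 stands in for the shared MySQL database (assumption)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logins (token_hash TEXT PRIMARY KEY,"
               " user_id INTEGER, https_only INTEGER, last_seen REAL)")
    return db

def _digest(token):
    # Store only a hash, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def login(db, user_id, now):
    """Run on the https page after the password check. Returns
    (plain_token, secure_token); the second belongs in a Secure cookie."""
    tokens = []
    for https_only in (0, 1):
        token = secrets.token_urlsafe(32)
        db.execute("INSERT INTO logins VALUES (?, ?, ?, ?)",
                   (_digest(token), user_id, https_only, now))
        tokens.append(token)
    return tuple(tokens)

def current_user(db, token, over_https, now):
    """Return (user_id, trusted) for a live token, else None.
    trusted is True only for the https-only token seen over https."""
    row = db.execute("SELECT user_id, https_only, last_seen FROM logins"
                     " WHERE token_hash = ?", (_digest(token),)).fetchone()
    if row is None:
        return None
    user_id, https_only, last_seen = row
    if now - last_seen > IDLE_TIMEOUT:
        db.execute("DELETE FROM logins WHERE user_id = ?", (user_id,))
        return None
    if https_only and not over_https:
        return None  # account-level token presented on the http side
    # Activity on either site extends both tokens together.
    db.execute("UPDATE logins SET last_seen = ? WHERE user_id = ?",
               (now, user_id))
    return user_id, bool(https_only)
```

Pages that take orders or show account data would require `trusted` to be True; the http pages use the plain token only to show the logged-in state.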

  5. #4

    Re: Keeping a login state when moving between http and https

    http://ferruh.mavituna.com/ssl-implementation-security-faq-oku/
    devil Guest
