how to change url from http to https without loosing the session

Posted on 2006-04-19
Last Modified: 2008-01-09
i have a web application that is is not secured but when the user get to the credit card form page i need to secure it (http to https)  when i redirect the link starting https://-------  the session get lost
how can i change the url from http to https without redirection
Question by:Nabilbahr

    Author Comment

    is it possible to change the url on the address bar using java script
    LVL 3

    Expert Comment

    Can you tell us which language your application is written in?  PHP?  ASP.NET?
    LVL 35

    Expert Comment

    The session should not get lost when changing to https unless the secure site is not the same web server.  Can you give us some more information about how the session is being lost?

    You cannot use javascript to simply change the address bar - even if ou could it would have no effect until the page re-loaded using SSL.

    Author Comment

    i'm using visual basic 6.0 web application
    LVL 18

    Expert Comment

    by:Sudaraka Wijesinghe
    This is an issue I have seen in many web server when transferring between domains.
    Solution I used in a situation like this is to serialize the data in session of first domain to a parameter on query string and pass it over to next domain. On the second domain I deserialize the query string and populate the session.
    I have used this method in PHP and ASP.

    One glitch I faced and still haven’t found a solution is that when I want to destroy a session I could only destroy the session which the user is currently in.


    Author Comment

    in my web application if i want to submit a form  action=""
    sometimes i loose the session depending on the apartment thread that it uses
    but if i use action="mars.asp?wci=Start&wce=logon&" it works fine

    now if i want to change http to https , what can i do? sometime it works sometimes i loose the session
    the way that i know is by redirecting the whole url using https instead of http , which isn't good
    can anybody tell me an alternative
    LVL 18

    Accepted Solution

    As in your example you need to keep all the pages in to maintain the session. If at any place you redirect to different domain or sub domain in the same server the session will break. (I think some web server can be configured to share the session in sub domains)

    So in you case if you move or, you’ll lose the session. But you will NOT loose it by going to
    Note that some browsers change to by them self.

    When new session is created, web server creates an session ID which you will see as PHPSESSIONID or ASPSESSIONID or simply ID member of the session data collection. This ID is a MD5 of a string created using Server Signature and Client Signature.
    Client signature will contain IP, application (IE or Mozilla), ect. And server signature will contain the Server IP, domain name, ect.

    Oh and this just came into my mind, I once came into a situation that even in the same domain it keep loosing the session, issues in that case was the domain was load balanced and it’s configuration was not set correctly. (SA at the time fixed it, I don’t have much details on that)

    Author Comment


    my links are usually  <a href="app.asp?wci=start&wce=process&">process</a>   (running as http)
    if i use <a href="">process</a>
    the user may loose the session.
    how can i create a link on a page that link to the secure version of the site "https instead of http"
    without loosing the session.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
    Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
    This video teaches users how to migrate an existing Wordpress website to a new domain.
    Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now