Maintain session between domains

Hi Experts

I'm trying to maintain a session between two different domains (one SSL) without filling the address bar with session info. Can anyone point me in the right direction?

Play.com seem to manage it:
http://www.play.com/HOME/HOME/NAVMAIN/5-/Home.html
https://www.playsecureserver1.com/Order.asp



Thanks Paul
LVL 3
chiii0utAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ee_ai_constructConnect With a Mentor Commented:
PAQ / Refund
ee ai construct, community support moderator
0
 
DreamMasterCommented:
How about using a component for it?

http://www.groat.com/sessionfarm/implement.asp

That seems to work.

Regards,
Max.
0
 
jh71283Commented:
Are the 2 domains hosted on the same server / do they share a database?

I think that is how play.com do it - a shared database.

I think it is more for show than anything else - Joe public will be more impressed... "Ohoh Play must be a very secure system.... look.... playsecureserver1.com"

Whereas us techies know that that is unnecessary.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
chiii0utAuthor Commented:
Hi DreamMaster  - I'd like to check out the options available before looking at an addin but thanks anyway

jh71283 -

Both domains are on ns1.dotnetted.com. The SQL database is available from either domain via dsnless connection

Dotnetted has said that the common ways of maintaining sesssion info are:
post the information from one page to the other via a form (or query string) or to save that info to your database, move to the other 'site' and then retrieve the info back from the database.

They also have a page dedicated to session state:
http://www.dotnetted.co.uk/support/dotnetted/net_session_state.asp

It's new to me and I was hoping someone could pick the bones out of what's available and post a bit of sample code in here?
0
 
jh71283Commented:
Will your users have a login portal? If so, this will make it easier for this task.
0
 
jh71283Commented:
or, is it acceptable for you to have a guid passed in the querystring?

This all depends on your reasons for not using querystrings in the first place, eg if it is to look neat, or so that sensitive info is not visible iin the address bar...
0
 
jh71283Commented:
I assumed the issued was resolved, as there was no response to my queries.
0
 
DreamMasterCommented:
It would at least not have hurt for chii0ut to have come back to the question and ask for more help if our suggestions had not helped at all.

Regards,
Max.
0
 
chiii0utAuthor Commented:
Yes - very sorry about that :(

This is where the site is at the moment:
http://chilcouk.spike.dotnetted.co.uk/PS2_Games.aspx

It's on temporary space until it's ready to move the domain over.

If you click on the login tab, it takes you to a temporary ssl folder which to be honest I'm not sure if it's just a subfolder or a virtual directory - I've emailed the isp and will post their comments if this thread is kept open.

0
 
chiii0utAuthor Commented:

The hosting co replied:

"As you're using shared SSL the ssl enabled URL will be under a different domain to the rest of your site and session state will be lost - there's further information on this here : http://www.dotnetted.co.uk/support/dotnetted/ssl_shared_cert.asp  "

"Whereas a full cert would work fine - you could swap between http://www.chilloutgames.co.uk and https://www.chilloutgames.co.uk without losing session information."



0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.