Solved

Maintain session between domains

Posted on 2006-07-03
12
676 Views
Last Modified: 2012-05-05
Hi Experts

I'm trying to maintain a session between two different domains (one SSL) without filling the address bar with session info. Can anyone point me in the right direction?

Play.com seem to manage it:
http://www.play.com/HOME/HOME/NAVMAIN/5-/Home.html
https://www.playsecureserver1.com/Order.asp



Thanks Paul
0
Comment
Question by:chiii0ut
  • 4
  • 3
  • 2
  • +1
12 Comments
 
LVL 19

Expert Comment

by:DreamMaster
ID: 17031169
How about using a component for it?

http://www.groat.com/sessionfarm/implement.asp

That seems to work.

Regards,
Max.
0
 
LVL 1

Expert Comment

by:jh71283
ID: 17036638
Are the 2 domains hosted on the same server / do they share a database?

I think that is how play.com do it - a shared database.

I think it is more for show than anything else - Joe public will be more impressed... "Ohoh Play must be a very secure system.... look.... playsecureserver1.com"

Whereas us techies know that that is unnecessary.
0
 
LVL 3

Author Comment

by:chiii0ut
ID: 17036943
Hi DreamMaster  - I'd like to check out the options available before looking at an addin but thanks anyway

jh71283 -

Both domains are on ns1.dotnetted.com. The SQL database is available from either domain via dsnless connection

Dotnetted has said that the common ways of maintaining sesssion info are:
post the information from one page to the other via a form (or query string) or to save that info to your database, move to the other 'site' and then retrieve the info back from the database.

They also have a page dedicated to session state:
http://www.dotnetted.co.uk/support/dotnetted/net_session_state.asp

It's new to me and I was hoping someone could pick the bones out of what's available and post a bit of sample code in here?
0
 
LVL 1

Expert Comment

by:jh71283
ID: 17037244
Will your users have a login portal? If so, this will make it easier for this task.
0
 
LVL 1

Expert Comment

by:jh71283
ID: 17037269
or, is it acceptable for you to have a guid passed in the querystring?

This all depends on your reasons for not using querystrings in the first place, eg if it is to look neat, or so that sensitive info is not visible iin the address bar...
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:jh71283
ID: 17252827
I assumed the issued was resolved, as there was no response to my queries.
0
 
LVL 19

Expert Comment

by:DreamMaster
ID: 17254895
It would at least not have hurt for chii0ut to have come back to the question and ask for more help if our suggestions had not helped at all.

Regards,
Max.
0
 
LVL 3

Author Comment

by:chiii0ut
ID: 17255413
Yes - very sorry about that :(

This is where the site is at the moment:
http://chilcouk.spike.dotnetted.co.uk/PS2_Games.aspx

It's on temporary space until it's ready to move the domain over.

If you click on the login tab, it takes you to a temporary ssl folder which to be honest I'm not sure if it's just a subfolder or a virtual directory - I've emailed the isp and will post their comments if this thread is kept open.

0
 
LVL 3

Author Comment

by:chiii0ut
ID: 17255677

The hosting co replied:

"As you're using shared SSL the ssl enabled URL will be under a different domain to the rest of your site and session state will be lost - there's further information on this here : http://www.dotnetted.co.uk/support/dotnetted/ssl_shared_cert.asp  "

"Whereas a full cert would work fine - you could swap between http://www.chilloutgames.co.uk and https://www.chilloutgames.co.uk without losing session information."



0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17389806
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

AJAX ModalPopupExtender has a required property "TargetControlID" which may seem to be very confusing to new users. It means the server control that will be extended by the ModalPopup, for instance, if when you click a button, a ModalPopup displays,…
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now