Geek asks and answers

Asp.net can you mix cookieless with cookie session data?

Can I use mixed cookieless sessions with cookie sessions?

I have an application that captures user details and then redirects it to ssl page. I was wondering if this is possible?

http://www.mydomain.com/confirm.aspx

redirected to

https://www.mydomain.com/(S(za1tw2l2k02jer4fiskzlovd))/payment.aspx

Note: Session ID in the last URL.

So, essentially, we use a standard cookie session for most applications, but when we go to the ssl page, we pass the SessionId to https-url to pick up the session. I tried this locally, but it starts a new session.

Am I missing a trick?

thank

+3
source share
1

,

http https :

, https.

protected void btnPurchase_Click(object sender, EventArgs e)
{
        // Confirm puchase code **

        string sslPaymentPath = string.Format("https://{0}/payment.aspx?sid={1}", Request.Url.DnsSafeHost, Session.SessionID);

        Response.Redirect(sslPaymentPath);

}

ssl asp.net , Start_Session global.asax cookie , . AquireSessionState, keyValue , , , .

, :)

    void Session_Start(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // Code to load session over ssl. When changing between two sessions
        if (isPaymentPage && Request.QueryString["sid"] != null && Request.IsSecureConnection)
        {
            string passedSessionId = Request.QueryString["sid"];
            Session.Abandon();
            Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", passedSessionId));
            Response.Redirect(Request.Url.LocalPath, true);
        }
    }

, - , ssl purchase.aspx, global.asax, ssl, .

void Application_BeginRequest(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // In the case someone has navigated away from the payment page redirect them back to the none secure protocol.
        if (!isPaymentPage && Request.IsSecureConnection)
        {
            bool isAxdResource = (Request.Path.ToLower().IndexOf(".axd") != -1);

            if (!isAxdResource)
            {
                string url = Request.Url.AbsoluteUri.ToLower().Replace("https://", "http://");
                Response.Redirect(url,true);
            }
        }
    }

, - , , .

URL.

+2

More articles: