SSL/Session question

Peter Rooney · Nov 7, 2003

Hi,

Just a quick question, I have a login page that sits on a non secure
page, if the users login details are correct then a session is created
and they are passed to another non secure page, once this page is
displayed all links go to secure pages using SSL.

What seems to be happening is that when a link to a secure page is
followed the session is lost and the user is re-directed to the login
page, is something in the passing between secure and non secure pages
that is destroying the session? If I enter the front of the site using
the SSL everything works fine which is the reason for my question.

Thanks

Peter

Ray at · Nov 7, 2003

This is true that session variables won't be carried between http and https
pages.

Shouldn't the user be logging in over ssl anyway though? If you aren't
encrypting the login, what's the point? Even if the login page is not
https, at least have the form submit to https.

Ray at work

Peter Rooney · Nov 10, 2003

Hi Ray,

Thanks for coming back to me, yes you are correct I have since moved the
login page over to the ssl, I figured that was the reason but just for
my own learning process I just wondered if transfering between http and
https would destroy a session.

Many thanks again for you reply

Peter

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples.	2	May 5, 2023
ASP Session, Cookies and SSL	1	Sep 26, 2004
Maintain session between an SSL page and Non SSL page	0	Oct 5, 2006
Demonstration of a Self-Written HTTP Server for an Online Store	0	Nov 12, 2024
Session variables and SSL	2	Feb 10, 2004
Session variable, security, SSL, I'm confused	9	Sep 19, 2007
Session in SSL	1	Sep 13, 2004
ASP.NET and SSL question	5	Jan 9, 2008

SSL/Session question

Peter Rooney

Ray at

Peter Rooney

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads