Is it possible to use mixed cookieless sessions with cookie sessions?
是否可以将无cookie的混合会话与cookie会话一起使用?
I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible?
我有一个应用程序,它捕获用户详细信息,然后将支付重定向到ssl页面。我想知道这是否可能?
http://www.mydomain.com/confirm.aspx
http://www.mydomain.com/confirm.aspx
redirects to
重定向到
https://www.mydomain.com/(S(za1tw2l2k02jer4fiskzlovd))/payment.aspx
https://www.mydomain.com/(S(za1tw2l2k02jer4fiskzlovd))/ payment.aspx
Note: the session Id in the latter url.
注意:后一个url中的会话Id。
So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.
因此,本质上,我们使用标准cookie会话来处理大多数应用程序,但当我们将其传输到ssl页面时,我们将SessionId传递给https url以获取会话。我已经在本地尝试过了,但是它开始了一个新的会话。
Am I missing a trick?
我错过什么把戏了吗?
Thanks
谢谢
1 个解决方案
#1
2
I've found a solution that seems to work
我找到了一个可行的解决方案
When transfering between http and https i've the following:
在http和https之间传输时,我有以下几点:
As you can see I'm passing the session id manually to the https page.
如您所见,我正在将会话id手动传递到https页面。
protected void btnPurchase_Click(object sender, EventArgs e)
{
// Confirm puchase code **
string sslPaymentPath = string.Format("https://{0}/payment.aspx?sid={1}", Request.Url.DnsSafeHost, Session.SessionID);
Response.Redirect(sslPaymentPath);
}
Upon reaching the ssl page, asp.net sees the request as a new session so I use the Start_Session method in the global.asax to abandon the newly created session and add a new session cookie with the session id passed in from the query string. Because the AquireSessionState which populates the session keyValue pair has already been run by this point I need to redirect the page back to itself to repopulate those values.
到达ssl页面后,asp.net将请求视为一个新的会话,因此我在全局中使用Start_Session方法。asax将放弃新创建的会话,并使用从查询字符串传入的会话id添加一个新的会话cookie。因为填充会话keyValue对的AquireSessionState已经在这一点上运行,所以我需要将页面重定向回自身,以重新填充这些值。
It seems to work really well :)
它似乎工作得很好:)
void Session_Start(object sender, EventArgs e)
{
bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);
// Code to load session over ssl. When changing between two sessions
if (isPaymentPage && Request.QueryString["sid"] != null && Request.IsSecureConnection)
{
string passedSessionId = Request.QueryString["sid"];
Session.Abandon();
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", passedSessionId));
Response.Redirect(Request.Url.LocalPath, true);
}
}
Also with regard to somebody clicking on an external link whilst browsing the ssl purchase.aspx page i've written following in the global.asax to redirect traffic back to standard none ssl pages if it's not the payment page.
另外,当某人在浏览ssl购买时点击了一个外部链接。我在全局中编写了aspx页面。asax将流量重定向到标准的无ssl页面,如果它不是支付页面。
void Application_BeginRequest(object sender, EventArgs e)
{
bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);
// In the case someone has navigated away from the payment page redirect them back to the none secure protocol.
if (!isPaymentPage && Request.IsSecureConnection)
{
bool isAxdResource = (Request.Path.ToLower().IndexOf(".axd") != -1);
if (!isAxdResource)
{
string url = Request.Url.AbsoluteUri.ToLower().Replace("https://", "http://");
Response.Redirect(url,true);
}
}
}
Hope somebody finds this useful, I was stuck for a while trying to come up with a nice solution.
希望有人发现这个有用的,我被困了一段时间,试图想出一个好的解决方案。
My inspiration came from this url.
我的灵感来自这个url。
#1
2
I've found a solution that seems to work
我找到了一个可行的解决方案
When transfering between http and https i've the following:
在http和https之间传输时,我有以下几点:
As you can see I'm passing the session id manually to the https page.
如您所见,我正在将会话id手动传递到https页面。
protected void btnPurchase_Click(object sender, EventArgs e)
{
// Confirm puchase code **
string sslPaymentPath = string.Format("https://{0}/payment.aspx?sid={1}", Request.Url.DnsSafeHost, Session.SessionID);
Response.Redirect(sslPaymentPath);
}
Upon reaching the ssl page, asp.net sees the request as a new session so I use the Start_Session method in the global.asax to abandon the newly created session and add a new session cookie with the session id passed in from the query string. Because the AquireSessionState which populates the session keyValue pair has already been run by this point I need to redirect the page back to itself to repopulate those values.
到达ssl页面后,asp.net将请求视为一个新的会话,因此我在全局中使用Start_Session方法。asax将放弃新创建的会话,并使用从查询字符串传入的会话id添加一个新的会话cookie。因为填充会话keyValue对的AquireSessionState已经在这一点上运行,所以我需要将页面重定向回自身,以重新填充这些值。
It seems to work really well :)
它似乎工作得很好:)
void Session_Start(object sender, EventArgs e)
{
bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);
// Code to load session over ssl. When changing between two sessions
if (isPaymentPage && Request.QueryString["sid"] != null && Request.IsSecureConnection)
{
string passedSessionId = Request.QueryString["sid"];
Session.Abandon();
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", passedSessionId));
Response.Redirect(Request.Url.LocalPath, true);
}
}
Also with regard to somebody clicking on an external link whilst browsing the ssl purchase.aspx page i've written following in the global.asax to redirect traffic back to standard none ssl pages if it's not the payment page.
另外,当某人在浏览ssl购买时点击了一个外部链接。我在全局中编写了aspx页面。asax将流量重定向到标准的无ssl页面,如果它不是支付页面。
void Application_BeginRequest(object sender, EventArgs e)
{
bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);
// In the case someone has navigated away from the payment page redirect them back to the none secure protocol.
if (!isPaymentPage && Request.IsSecureConnection)
{
bool isAxdResource = (Request.Path.ToLower().IndexOf(".axd") != -1);
if (!isAxdResource)
{
string url = Request.Url.AbsoluteUri.ToLower().Replace("https://", "http://");
Response.Redirect(url,true);
}
}
}
Hope somebody finds this useful, I was stuck for a while trying to come up with a nice solution.
希望有人发现这个有用的,我被困了一段时间,试图想出一个好的解决方案。
My inspiration came from this url.
我的灵感来自这个url。