[ic] Norton BHO causing session loss

Paul Jordan paul at gishnetwork.com
Thu Mar 3 20:58:31 UTC 2011


> > > Gert said
> > > > IC 5.6.3:
> > > > FullURL 1
> > > > NoAbsolute Yes
> > > > MaxServers 5
> > > > PIDcheck 300
> > > >
> > > > Apache:
> > > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
> > > >
> > > > NotRobotUA includes MSIE
> > > >
> > > > I am seeing people getting a new session ID when travelling to an SSL
> > > > encrypted page.
> > >
> > > This is when they go from NonSSL to SSL for the same site?
> >
> > Hi Gert
> >
> > Are you asking if my http & https servers are the same server? Yes.
> >
> > > And after that? Does it keep the session ID or does it keep changing?
> >
> > I end up with two session IDs, one for http and one for https, and once I
> > have them they stay the same. So when on http pages, the session ID is
> > always 123, and when on https, it's always ABC; it doesn't keep changing
> > each time I make the transition.
> >
> > > And when you start directly on SSL does it keep it or does it change?
> >
> > Interesting, if I arrive on the site in https, I get and keep a single
> > session ID, so it works in that respect.
> >
>
> So the problem happens the moment someone goes from HTTP to HTTPS for this
> website (checkout pages, login pages etc) ... They start out on
> http://www.domain.com/ ... happily going, session ID is the same, then
> they go do something that requires SSL, get directed to
> https://www.domain.com/ ... this causes getting a new session ID, which
> then stays the same while continuing to surf ... right?

 
Exactly. This new https session ID stays the same only when on https pages, so if I go back to http pages, I get my old session ID back again, and if I go to https again, I get that same "new" session ID back. So it continues to flip flop as I move around across http/https.
 

> Does the site work with cookies? Or you pass along the session ID in the
> URLs everywhere? I assume cookies and perhaps there something goes wrong
> when going from http to https ...

 
The site works fine with Cookies on or off.
 
Any idea where to concentrate?
 
 
 
Paul
 
  		 	   		  

