[ic] Norton BHO causing session loss

Peter peter at pajamian.dhs.org
Thu Mar 3 21:05:46 UTC 2011


On 04/03/11 09:58, Paul Jordan wrote:
> Exactly. This new https session ID stays the same only when on https
pages, so if I go back to http pages, I get my old session ID back
again, and if I go to https again, I get that same "new" session ID
back. So it continues to flip flop as I move around across http/https.
> 
>> Does the site work with cookies? Or you pass along the session ID in the
>> URLs everywhere? I assume cookies and perhaps there something goes wrong
>> when going from http to https ...
> 
>  
> The site works fine with Cookies on or off.
>  
> Any idea where to concentrate?

It sounds like Norton is blocking the session cookie from being passed 
from the non-secure page to the secure page, and so they get isolated 
and end up with their own separate session IDs.

Try commenting out this line from catalog.cfg and see if it helps:
ScratchDefault  mv_no_session_id  1

Doing the above will, of course, stick session IDs into all your URLs, 
but we can concentrate on a better workaround once it's determined that 
the above works.


Peter




More information about the interchange-users mailing list