I need to be able to move from one web app on my server to another on the
same server and preserve the session state. I have played with
server.transfer but I get an error saying I can't do this. How can I
accomplish this. I don't think redirects with session state being passed in
the url makes any sense from a security standpoint.
--
BarryHow about a secure form post then to a page in the
other web app, carring session info and re-establishing
it?
"barryfz" <barry@.noemail.noemail> wrote in message
news:esTUn5IPGHA.3840@.TK2MSFTNGP14.phx.gbl...
> I need to be able to move from one web app on my server to another on the
> same server and preserve the session state. I have played with
> server.transfer but I get an error saying I can't do this. How can I
> accomplish this. I don't think redirects with session state being passed
in
> the url makes any sense from a security standpoint.
> --
> Barry
>
Server.Transfer does not affect the Session state as far as I know. Is
session what you meant ?. You can set a session var in one form, transfer to
form 2 and the variable will still be there in session.
Terry Burns
http://TrainingOn.net
"Raymond" <undsclsed@.nothee.net> wrote in message
news:wu0Nf.31433$pE4.25921@.trnddc04...
> How about a secure form post then to a page in the
> other web app, carring session info and re-establishing
> it?
>
> "barryfz" <barry@.noemail.noemail> wrote in message
> news:esTUn5IPGHA.3840@.TK2MSFTNGP14.phx.gbl...
> in
>
Terrry
I need to transfer to a page in a different site. I am getting an error
saying I can't do that in server.transfer. Maybe I am doing something wrong.
Barry
"Terry Burns" <me@.mine.com> wrote in message
news:u6UT8SJPGHA.3888@.TK2MSFTNGP12.phx.gbl...
> Server.Transfer does not affect the Session state as far as I know. Is
> session what you meant ?. You can set a session var in one form, transfer
> to form 2 and the variable will still be there in session.
> --
> Terry Burns
> http://TrainingOn.net
> "Raymond" <undsclsed@.nothee.net> wrote in message
> news:wu0Nf.31433$pE4.25921@.trnddc04...
>
What you are trying to do is unnatural. The main reason separate
applications exist is so they can maintain separate application state.
That said, there are ways to do it but they are not simple if you're dealing
with very much data. Its a very manual process to pass data between
applications. You can pass data via querystring or a common backend
database, etc.
I hope this helps,
Steve C. Orr
MCSD, MVP
http://SteveOrr.net
"barryfz" wrote:
> I need to be able to move from one web app on my server to another on the
> same server and preserve the session state. I have played with
> server.transfer but I get an error saying I can't do this. How can I
> accomplish this. I don't think redirects with session state being passed i
n
> the url makes any sense from a security standpoint.
> --
> Barry
>
>
Probably not if the domain is different. There may be
other ways to do it, but the simplest way is to redirect
via a form post and re-establish session using form post
data.
"Terry Burns" <me@.mine.com> wrote in message
news:u6UT8SJPGHA.3888@.TK2MSFTNGP12.phx.gbl...
> Server.Transfer does not affect the Session state as far as I know. Is
> session what you meant ?. You can set a session var in one form, transfer
to
> form 2 and the variable will still be there in session.
>
Barry,
As Steve and others may have pointed out, Server.Transfer only is designed
to work within the current IIS application.
What you would need to do if you do not want to pass session information on
the querystring or as hidden formfields is to set up a custom database or
other persistent storage mechanism to store and then retrieve by
"customSessionId" the information you need once the redirect lands on the ne
w
site.
Peter
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com
"barryfz" wrote:
> I need to be able to move from one web app on my server to another on the
> same server and preserve the session state. I have played with
> server.transfer but I get an error saying I can't do this. How can I
> accomplish this. I don't think redirects with session state being passed i
n
> the url makes any sense from a security standpoint.
> --
> Barry
>
>
Raymond,
I am not sure what you mean by domain? While these are different apps they
are on the same server, just different sites.
If I pass this a part of post don't I then allow someone to hijack the data
being posted and use it to gain access?
Barry
"Raymond" <undsclsed@.nothee.net> wrote in message
news:wO0Nf.31438$pE4.6074@.trnddc04...
> Probably not if the domain is different. There may be
> other ways to do it, but the simplest way is to redirect
> via a form post and re-establish session using form post
> data.
>
> "Terry Burns" <me@.mine.com> wrote in message
> news:u6UT8SJPGHA.3888@.TK2MSFTNGP12.phx.gbl...
> to
>
Steve,
I really just need to pass the authentication.
Barry
"Steve C. Orr" <Steve@.Orr.net> wrote in message
news:1E3F794F-B153-4CB8-BF01-B63832F89A4D@.microsoft.com...
> What you are trying to do is unnatural. The main reason separate
> applications exist is so they can maintain separate application state.
> That said, there are ways to do it but they are not simple if you're
> dealing
> with very much data. Its a very manual process to pass data between
> applications. You can pass data via querystring or a common backend
> database, etc.
> --
> I hope this helps,
> Steve C. Orr
> MCSD, MVP
> http://SteveOrr.net
>
> "barryfz" wrote:
>
Sorry, I misread you. This is correct, you cannot use server transfer to a
different site. Applications are isolated from each other and so a session
in one does not relate to a session in another. One way is to preserve the
session valriables in an SQL database but you need to serialie them for
storage and de-serialize them on retreival.
Terry Burns
http://TrainingOn.net
"barryfz" <barry@.noemail.noemail> wrote in message
news:OCDTjUJPGHA.3864@.TK2MSFTNGP10.phx.gbl...
> Terrry
> I need to transfer to a page in a different site. I am getting an error
> saying I can't do that in server.transfer. Maybe I am doing something
> wrong.
> Barry
>
> "Terry Burns" <me@.mine.com> wrote in message
> news:u6UT8SJPGHA.3888@.TK2MSFTNGP12.phx.gbl...
>
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment