.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Do Session Variables Persist between HTTP and HTTPS?

Posted By:      Posted Date: October 19, 2010    Points: 0   Category :ASP.Net

Hey guys,

Just wondering whether or not Session Variables that are declared and set while in a HTTP session will continue to exist if the users session moves to HTTPS?


Hope I'm making sense.



View Complete Post

More Related Resource Links

Session and Application Variables


I have a web application in which i need to logout the user if he clicks the logout button or even if he closes his browser window. On Logout button click, i am doing session.Abandon(), but how to go about his browser window close.

Can anybody help with a code sample.

How to switch between HTTP and HTTPS in ASP.NET MVC2


ASP.NET MVC2 has the new RequireHttpsAttribute that you can use to decorate any action to force any non-secure request to come through HTTPS (SSL).  It can be used as simply as this:

        public ActionResult LogOn()

Now any request to the LogOn action that is not over HTTPS will automatically be redirected back to itself over HTTPS.  This is very useful and easy to implement.

Unfortunately though, once the scheme is changed to HTTPS, all following requests will also be under HTTPS, which is not necessarily what you want.  In most cases you do not need all requests to your site to be secure but only certain ones such as the logon page or pages that accept credit card information. 

To handle this you can override the Controller.OnAuthorization method.  From within this method, you can check to see if the RequireHttps attribute is set on the Controller Action by searching the Attributes collection of the ActionDescriptor object. If the RequireHttpsAttribute is not set AND the request is under SSL, then return a redirect result to the HTTP (no

workflows on https: versus http:

I have a production site that uses https:.  I noticed that if I access the site with http instead, the workflows don't start.  Can anyone explain that to me please?

ASP.NET MVC 2 - I have a serious concern about the management of session variables.


I have a serious concern about the management of session variables.
I state that I have Windows Web Server 2008.
Currently values in the controller and call a session variable like this:
I have an action in as:
System.Web.HttpContext.Current.Session ['name'] = id_userlogged;

Defining session variables...



This is a pretty basic question.

I have some code where I need to define a session variable  however it's coming back as Nothing when the code is executed. Here's the code:

' Default Currency

REQCURR = Request.Querystring("p_DCURR")
'If not explicitly specified, try to get it from session

If (REQCURR = "") Then

     If (Session("REQCURR") <> "") Then
          REQCURR = Session("REQCURR")

          'Here is the session variable I'm trying to define:
          Session("REQCAD") = 0
          REQCURR = ""
     End If

End If


So, for some reason that Session("REQCAD") = 0 has no value instead of having a value of 0.

Any thoughts?


why does WSDL file have httpS? i just need http

I built my c# web service.  Tested it.  I built my android app.  Tested it.  All is well.  I tried to get these things to talk to each other...FAIL.  I found these lines in my wsdl. <wsdl:service name="Service1"> - <wsdl:port name="Service1Soap" binding="tns:Service1Soap"> <soap:address location="" /> </wsdl:port> - <wsdl:port name="Service1Soap12" binding="tns:Service1Soap12"> <soap12:address location="" /> </wsdl:port> </wsdl:service> What decided that the path should be https?  I never told it that.  It is overriding IIS which says everything should be http.  Someone please help me before I go ballistic.  Oh and for others developing on android 2.2, it won't take unsigned certs, so you either have to configure a local certificate authority or go http. 

switch between http to https

What is the best way to switch to https from http for some of my aspx pages. Currently, I"m using relative page for all pages.

User permissions in SharePoint 2010 act differently in http and https

I installed SharePoint 2010, created a site (complete with a document library), and assigned user permissions.  Additionally, I set up certificate authentication for all users.  Two problems occur: 1. As the system administrator, when I access the https site, I no longer have permissions to add/edit users 2. When user's, who have permissions to edit/add a document/folder click on "Add document" or the folder icon to add a new folder, they get an error. Any help is much appreciated.

Need to access session variables in an ashx?

Dear All,In my project i need to set session in an ashx file and access that session in aspx.cs file. for this i am dooing the following things.In .ashx filepublic class Upload : IHttpHandler , System.Web.SessionState.IRequiresSessionState{    public void ProcessRequest(HttpContext context)    {            HttpPostedFile postedFile = context.Request.Files["Filedata"];            context.Session["img"] = postedFile.FileName;    }}After the file upload happand i wrote the code in .aspx.cs fileprotected void Button1_Click(object sender, EventArgs e)    {        Response.Write(Session["img"].ToString());    }this is working fine in IE but in Mozilla,Chrome,safari and Opera i got Session["img"] is null. Any help can be appreciatedThanks & Regards Basheer K M Cybrosys Technologies Pvt. Ltd. Calicut. http://www.cybrosys.com

Using Global.asax to Set Session Variables Pulled From SQLServer

I have a custom class that pulls user information from a SQL Server table. Now that I'm expanding the site from a single page to others. I want to shift the code to the Session_Start event so that the information is always loaded when the site is accessed. How do I call my custom code from global.asax since its script and not a class. 

WCF fails to work for HTTPS & HTTP

Currently I am having an issue with getting my WCF ajax calls to work with HTTPS. I get a javascript error telling me the service cannot be found. We need to be able to be able to access the site through http and https. We have some of our consultants who cannnot access the site via their client site without using https. We need both http and https to work. Here is my web.config as is now...   <system.serviceModel> <behaviors> <endpointBehaviors> <behavior name="Time.AjaxServiceAspNetAjaxBehavior"> <enableWebScript /> </behavior> </endpointBehaviors> </behaviors> <bindings> <webHttpBinding> <binding name="webHttpBindingAuthenticated" sendTimeout="00:04:00"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Ntlm" /> </security> </binding> </webHttpBinding> </bindings> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" > <baseAddressPrefixFilters> <add prefix="http://www.ourdomain.com"/> </baseAddressPrefixFilters> </serviceHostingEnvironment> <services> <service name="Time.AjaxService"> <endpoint address="" behaviorConfiguratio

session variables and master pages

Hi all: I have a master page and 2 content pages. In the master page I use a session variable. As it, I suppose this session variable is read by the two content pages. But it isn't working. This session variable is read by the first content page and not the second. Why? Thanks in advance if you can help me      

Session Variables and Session Timeouts

I added the following code to global.asax to load up several session variable when a session starts. I'm assuming that when a page goes to use the variable that I should be 1) checking at the page level that the value is valid not 0 when its not expected to be 0, not a zero-length string when its expected to have a length 2) have code at the page level that sets the values if the values have not been set as when the Session timeout, ideally putting the code in a class derived from Page and then deriving all of my pages from the new class so that the code does not have to be repeated in every page Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs) ' Code that runs when a new session is started 'Move code here that sets the User Session Variables, currently done in the code behind of DefaultDirectory and the Dashboard Masters Dim ExceptionMessage As New StringBuilder ExceptionMessage.Append("Site accessed using " + Request.Browser.Browser + " " + Request.Browser.MajorVersion.toString + "." + Request.Browser.MinorVersion.tostring) Dim NewException As New NotSupportedException(ExceptionMessage.ToString) Elmah.ErrorSignal.FromCurrentContext().Raise(NewException) Dim CurrentUser As New MercurySiteUser.SiteUser() Session("UserE

Sharing the session variables between two .net applications using SQL Server Mode?

Hi, I have two different IIS applications within the same domain(let us say www.mydomain.com) , both of these applications use the same database instance(same connectionstring), now what I want is that both of applications can see each sessions variables , can SQL Server session state mode helps in this case? Did someone try that before? Is there any other way to share the session variables? Please help.  

Yahoo Contacts API causes problems (HTTP to HTTPS and back to HTTP)


Dear All, 

I have an asp.net website hosted in a shared hosting environment. I also registered my site to have Yahoo and Google App IDs so that I can user their Social APIs to import my user's contacts (via OAuth). So everything was running fine until I've installed a SSL certificate. My site uses forms authentication which redirects each request to http://mysite.com/account/login.aspx now I wanted this page to be delivered via HTTPS so I wrote the following code in the Page_Init event of the login.aspx page:

    Protected Sub Page_Init(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Init
        If Not Request.IsSecureConnection Then
            Dim RetUrl As String = Request.Url.ToString.Replace("http", "https")
        End If
    End Sub

so it did the right thing for me. When user is authenticated using Forms Authentication it redirects the user to the UserHome.aspx page but with the HTTPS

URL is: https://mysite.com/userhome.aspx

so now each and every request is served using HTTPS and this is not a big problem but the Y

How to pass session variables from .net to coldfusion


We are in the process of refactoring from cf to .net, so, I am working on the Login page and converting it from cf to .net. So, when I am autheticated and enter into our website, I need to redirect it to a cfm page (just temporary, since we will be refactoring that also eventually).

So, I am autheticated (using CustomMembership Provider model for sql server) and then when I redirect to the cfm, the app.cfm should validate the .net session variables. Here is where i am stuck:

I have the .net session variables in the aspx side:something like

Session["UserId"].ToString() = Value from a login txt box (also authenticated against data in the database)

Session["UserName"].ToString() = Value from the db corresponding to the User Name entered in the text box.



So, now I have all the session variables in the .net side. Now, how do I retreive these .net session in the cf side? Any small peice of code to retrive the asp.net session variable in the application.cfm side would be great.

ASP.NET session variables, do you need to save each time?


Anytime you change the object variable that is already assigned to a session variable, do you need to "re-save" the variable back into the session variable or does it do it automatically?

For example:

// abc is an object of some random type

Session["abc"] = abc;  // initial declaration of session variable.

abc.a=1;  // updated abc.a field after a button_click event

Session["abc"] = abc;   // resave the new field value of 'a' back into the session variable 'abc'.

Or does the session variable already keep track of all changes made to the object and saves automatically?


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend