View Single Post
  #1 (permalink)  
Old July 22nd, 2004, 04:51 PM
jtyson jtyson is offline
Authorized User
 
Join Date: Jun 2003
Location: , , .
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default redirect with SSL/cookieless sessions problems

Hi,

I have a site that uses cookieless sessions. My site consists of a main directory and a subdirectory "Members" on which I require secure channel(SSL).

I know that cookieless sessions only work with relative Urls, while I learned when programming my default login page to redirect to Members/MyCareConnections that going from http to https requires a fully qualified Url. This is what I did in my default redirect and it worked:

Dim originalUrl As String = "/Members/MyCareConnections.aspx"

Dim modifiedUrl As String = "https://www.careconnections.com" & Response.ApplyAppPathModifier(originalUrl)

Response.Redirect(modifiedUrl)

Now I'm working on a page within the Members SSL-enforced subdirectory. I figured once I was within that directory I could just use relative Urls when redirecting. This is what the view source showed for the redirect:

<BODY><ASP_SMARTNAV_RDIR url="/(4ffx3hzsdiavwf55spwq5vri)/Members/PatReg_Confirmation.aspx?id=26875501"></ASP_SMARTNAV_RDIR></BODY>

That did not work. Nothing happens on this page when the event that causes the redirect fires, except that the page goes blank (the address in the browser bar remains on the page). So I figured it must be some similar issue, and wrote this:

Dim originalUrl As String = "PatReg_Confirmation.aspx?id=" & txtNewPatRegID.Text

Dim modifiedUrl As String = "https://www.careconnections.com" & Response.ApplyAppPathModifier(originalUrl)

Response.Redirect(modifiedUrl)

When I view source, this is what I see, which looks correct, and when I copy this address and paste it into the browser it actually brings that page up:

<BODY><ASP_SMARTNAV_RDIR url="https://www.careconnections.com/(4ffx3hzsdiavwf55spwq5vri)/Members/PatReg_Confirmation.aspx?id=26875500"></ASP_SMARTNAV_RDIR></BODY>

So I have no idea why this page won't redirect at this point. Is this an IIS thing? I don't have a global.asax, and my web.config sits in the main directory with <sessionState mode="InProc" cookieless="true" timeout="8" />. Is there a problem with my web.config sitting in a non-SSL parent folder and pages in the child SSL folder trying to use it/cookieless sessions?

I would greatly appreciate any help you can offer, I'm in a bad spot right now.

Thanks,

John