Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
ISAPI_Rewrite 2.x support forum
 Helicon Tech : ISAPI_Rewrite 2.x support forum
Subject Topic: Mask Domain Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
stibstibstib
Newbie
Newbie


Joined: 07 August 2008
Online Status: Offline
Posts: 2
Posted: 07 August 2008 at 5:54pm | IP Logged Quote stibstibstib
Hi, i'm doubtful whether what i'm trying to achieve is possible but i thought here was the best place to try to get some advice!

Basically my issue is that I'm trying to set up a website that will run from two domains, one for the main site and the other for the secure areas.

e.g
main site with domain: http://www.mydomain.com
secure site with domain: https://mydomain.secure.com

Now my problem is the fact that sessions aren't accessible cross domains, so if I add something to session on http://www.mydomain.com it's not accessible from https://mydomain.secure.com.

What I was hoping to do was use ISAPI Rewrite to essentially run the site from the domain http://mydomain.secure.com and somehow mask it as if it's running from http://www.mydomain.com like so:

RewriteCond Host: www\.mydomain\.com
RewriteProxy (.+) http\://mydomain.secure.com$1 [I,U]

but this didn't work, it successfully ran but sessions were not obtainable on the secure site.

Does anyone know if this is possible?

Thanks for any help at all!

Steve
Back to Top View stibstibstib's Profile Search for other posts by stibstibstib
 
Lexey
Moderator Group
Moderator Group


Joined: 15 August 2002
Location: Russian Federation
Online Status: Offline
Posts: 7598
Posted: 07 August 2008 at 7:45pm | IP Logged Quote Lexey
That will not work unless your servers are sharing some common sessions store (like DB or ASP.NET shared sessions service) because session ID generated on an isolated server references an object on this server. For another server it will either make no sense or will point to a completely different object.

Edited by Lexey - 07 August 2008 at 7:46pm
Back to Top View Lexey's Profile Search for other posts by Lexey
 
Lexey
Moderator Group
Moderator Group


Joined: 15 August 2002
Location: Russian Federation
Online Status: Offline
Posts: 7598
Posted: 07 August 2008 at 7:47pm | IP Logged Quote Lexey
Moreover even with a common store that may not work since secure and non-secure sites may have different session ID generation logic and may use different cookie domains.
Back to Top View Lexey's Profile Search for other posts by Lexey
 
stibstibstib
Newbie
Newbie


Joined: 07 August 2008
Online Status: Offline
Posts: 2
Posted: 08 August 2008 at 4:52am | IP Logged Quote stibstibstib
Hi Lexey, yeah I feared that was the case. We do have a common stotre (Our sessions are stored in SQL) but different Session IDs are still generated. It was more a stab in the dark idea!

We were hoping if we ran things this way we would only need one wildcard secure certificate to run a number of sites from - we are trying other possibilities but I'd hoped this might work. damn!

Cheers
Back to Top View stibstibstib's Profile Search for other posts by stibstibstib
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum