session-state

We're developing a web shop, and process payments with a third party UI. We have chosen to show the payment UI inside an iframe inside out check-out page, even though (we now realize), the payment solution provider recommend using a top-level window. Now what happens is that in IE7/IE8, the payment UI loses session state on the first postback (inside the iframe), while in Firefox, it works just fine. We observe that the payment UI is developed using ASP.NET. I was under the impression that as far as the server is concerned, there is no difference between being referenced from an iframe versus

I want to share sessions among 2 applications on different nodes; however, I am confused what the difference is between Cookie and Redis session stores; e.g. a cookie session might look like this: rack.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiJFN2YxZDMxMGE5YTNhZjc2NGM1NDBk%0AMzdiODQ0MjcyMzk5MzAxY2YyYzdhNDMwOWVkMzhiNWVlMmY2N2QwYzExNg%3D%3D%0A--ec4ec7b5a807c806e02e2811f4a11d05877a7698 In Redis, a session-store, might look like this: rack:session:eb23c0a055e9e6de3b8ad51efd9g6260d647b2e61326e35f5ff59cd490bfb405" However, I am confused how these sessions can be shared. Whereas in a cookie approach, a

In JSF, it seems that sessions are created before a successful login. i.e. simply requesting the login page causes a new session to be created. It seems very wasteful (and vulnerable to DDoS attacks) to create a session for each request received, rather than each successfully logged in user. The code below is pretty generic, but shows the kind of simple scenario I'm referring to. index.xhtml: <html> <body> <h:form id="login"> <h:outputLabel for="username">Username</h:outputLabel> <p:inputText id="username" name="username" value="#{userController.username}"/> <h:outputLabel for="password"

I'm hoping someone can clarify this behavior for me, and explain how ASP.NET is deciding when to treat something like a new Session. A) In Internet Explorer I load the ASP.NET site in question. It starts a new Session. B) If I go to menu File - New Window... it stays within the same Session. C) If I launch a new instance of Internet Explorer and load the same page it starts a new Session. I'm confused by step C. I'm expecting it to be the same session based on my remote IP. What is IIS / ASP.NET doing to decide that this is a new session? Is it looking at my remote port that the new instance

I have an IHTTPModule with an event handler for AuthorizeRequest. I would like to access the Session object but it is not yet initialized. Which event should I subscribe to in order to have the session object available as early as possible in the pipeline? You needd HttpApplication.PostAcquireRequestState event - http://msdn.microsoft.com/en-us/library/system.web.httpapplication.postacquirerequeststate.aspx . Also there is a HttpApplication.AcquireRequestState event. Don't forget to check if your handler implements IRequiresSessionState or IReadOnlySessionState, otherwise it will throw an