Http post request cross domain retaining session variables

Hi all,

I have an asp page with an httppost request to bypass login for another .net page on another domain.  This works fine and returns the results as expected.  I am having difficulty when navigating away from the resulting page as the post request I have made is simply response.write of the xml returned so the page stays on the old domain without a redirect to the new site.  Therefore any links I have on the new page do not work without using the fullpath to the page, same goes for any buttons which do postback as the page does not exist on the asp site.  I am at present storing the currentURL in a session variable so this can be used throughout the site, when I try to navigate away from the page it does so but the session variable is then lost and so redirecting to a page after this does not include the fullpath and so the browser is looking for the next page on the original domain where it does not exist.

Is there any way I can retain session variables throughout these pages?  Or another solution I a missing with this?  I am using an httppost request because of the bypass of the login screen from one domain to another, I cannot pass these values on the querystring as I need to maintain the security integrity of the system.

Thanks in advance, joho

2/28/2008 9:18:35 PM 93655 articles. 6 followers. Follow

7 Replies

Similar Articles

[PageSpeed] 7
Get it on Google Play
Get it on Apple App Store


Hidden control on the page?  

Alexei Fimine
Don't forget to mark this post as "Answer" if it indeed answered.
2/28/2008 10:08:05 PM


I can't use a hidden control as I need the site to stay secure and no way for these values to be shown to the user.  Hidden controls will allow the user access to it's value and give an opportunity to gain access to the second site without permission.

The problem is that the session variables are stored on the second site (2nd server), and when I redirect the browser is looking for the page/session variables on the first site (1st server).  This is because I am writing out the xml returned from the httpPost and it is maintaining the state of the first site.

I have tried redirecting again once on the second site, but this does not work as it still writes out the xml and maintains the state of the first site even with a redirect in the second site.

Any other suggestions on ways around this?

Thanks, joho

2/29/2008 9:03:48 AM

Took a while to reply, as I had to shift projects around.  I don't think this is the answer as they are on different webservers.  Do you know if this is possible?


3/27/2008 12:57:24 PM

Hi Joho, I am trying to cross domain http post in aspx page. May I know how are you doing it at present?

Thanks in advance


3/27/2008 2:35:02 PM


I am just doing an http post request but setting the posturl to be where I want to post the form to, and then on the other page I am checking for the variables I have posted.  Example below (off top of head, so please omit any mistakes):

Dim xmlhttp, DataToSend, postUrl

postUrl = ""
DataToSend = "var1=value1&var2=value2&var3=value3"

Set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST", postUrl, False
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.Send DataToSend

Response.write xmlhttp.responseText

This then displays the data from the page I have posted to on the page I have posted from, as it is simply returning the xml of that page.  This doesn't work when I am using 2 separate webservers for each site, as when I am clicking on links from the returned xml, it is trying to locate the page to navigate to on the first webserver and the page actually belongs to the second.  I can overcome this by specifying the full path of each page in the links, but this does not solve my problem with retaining session variables.

Does anyone have any ideas pelase?


3/27/2008 2:50:30 PM

 I have had a question regarding how I overcame this problem.  Sorry Poonam, your post is no longer available to reply directly!

Basically, I could not overcome this problem using session variables cross domain, so stored them in the db against a GUID which was passed on the querystring as the sessionID to use.  Everytime the pages are loaded that require this, I check the db for the session details and then renew the GUID for this sending the new one back each time on the querystring, so the old one is no longer available and cannot be accessed at any other time.  This does mean all my navigation links are now dynamic but is something I can live with for this.

I could not think of any other way and the help I received wasn't the answer I was looking for.

Hope this helps anyone who comes accross this problem!

6/30/2008 8:43:44 AM

Similar Artilces:

Lost session variables on redirect after cross-domain httppost request
Hi all, I have an asp page with an httppost request to bypass login for another .net page on another domain.  This works fine and returns the results as expected.  I am having difficulty when navigating away from the resulting page as the post request I have made is simply response.write of the xml returned so the page stays on the old domain without a redirect to the new site.  Therefore any links I have on the new page do not work without using the fullpath to the page, same goes for any buttons which do postback as the page does not exist...

Web Part, Web Request, and HTML form Variables
I would like to build a web portal to display existing standalone web sites in separate web parts.  I was thinking I would need to use an IFRAME in a web part or have the web part do a web request and display the web response.  I would like to be able to monitor the http traffic between the web part and the existing web sites server so that I can perform additional processing on my server. Is there a way that I can capture (read only) the form variables/ hyperlink address when a user clicks a form submit button or hyper link in a web part that has an IFRAME? What if I used the w...

Could PB .NET Web Form POST security Information to others web page??
This is a multi-part message in MIME format. ------=_NextPart_000_00F9_01C9C4D5.8FB45C90 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: quoted-printable Hi,=20 Have anyone came across the requesion to POST security informations from = PB .NET web form web page to other web site?? I have tried many datys, Could any kind man give me some suggessions?? thanks & Best regards Leon ------=_NextPart_000_00F9_01C9C4D5.8FB45C90 Content-Type: text/html; charset="big5" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML P...

Web Post... Request.form
Hi guys, I am working on a windows service which has to simulate as if the data posted is coming from a webpage. The remote page is a classic ASP page, which is reading the data as request.form.. Any suggestions ?? I am currently using httpwebrequest.. which seems to be not doing what I want to achieve. Thanks heaps..Sunny NAGIProper Preparation Prevents Poor PerformanceDont forget to click "Mark as Answer" on the post that helped you. Hi everyone, Never mind.. I solved my problem it was due to SSL Cheers!Sunny NAGIProper Preparation Prevents Poor Perform...

How to post using http web request
Hi, any body can me how to post below form information using Http web request. // Home Get Started Learn Downloads ...

session variables in javascript on a web form
Hi All, I have master page on which I have written a javascript which open ups a new window when user clicks on menu item placed on the left side of master page. The javascript follows  function OpenWind()       {         <% if( HttpContext.Current.Session["Id"]==null) { %>                alert('Session Expired! Redirecting to login page!');           &nb...

Cross domain request for web font
Hi, I have a website in our corporate network that is visible to the outside world. This website use an external font hosting cloud service to use a custom web font. If I visit the site from my home computer, the web fonts render fine. If I visit the site from my work computer, the web fonts do not render. We have an internal proxy, but there is an exception listed in my network settings for the web server. I had our sysadmin add this to the Apache configuration file, but to no avail: AddType application/ eot AddType application/x-font-ttf ttf ttc Add...

Implementing .Net Form into an web form, can this be done
I am new here, but have been searching for a while, and may not have the correct lingo to find what I am looking for.  I am tasked with implementing a .exe application that was writen vb6 then converted to .net into a new website my team is developing. The idea is to put each of the 3 different forms in this .exe application of 3 different .aspx pages. I have attempted multiple things to get this into the page and even started to just rewrite it as an web form, but even then I can't reuse any of the code since the System.Web.UI.Page doesn't inherit the sa...

Session variables not pointing to Request.Form Values
I am trying to take the value a user inputs from a form and put it into a session variable.  The basic code (on Page1) is thus:Session("first_name") = Request.Form("first_name")If I reference the session variable on that same page (such as <%= Session("first_name") %>) it works fine.   However, when I go to a new page (Page2) it does not work anymore, the session variable just shows up blank.  If I go back to the first page and set the session variable equal to a simple string it works and will show up fine on both pages.  Like thu...

http handlers and web form post backs
Wondered if anyone could point me in the right direction for my problem? I have a http handler that captures .html requests and transfers them all to a default.aspx which then dynamically loads in all the web and user controls required for that web form. My problem is if I request, for example, contact.html it will load my contact form correctly but when I submit my contact form the action points to default.aspx. So when I submit it the user sees default.aspx in the address bar instead of the intended contact.html. I either need to change my http handler, modify the action of my ser...

2 http posts, one web form?
 Hi, A general question about http posts.  Can we have one form post to two different places? I have a page I'd like to post to an asp script that we have online.  Since .net pages can't have more than one set of form tags on them, this page creates an html page "on the fly" and posts IT to our central form-handling asp page, which determines the site it's from, and responds accordingly. In this new case, I want to render an html page and post it, but I would like to post some of the data to a second different url. So, the question is, can we ma...

Web Service: Invalid cross domain request
Hello All,I'm calling a WS from javascript, when working on localhost  everything works OK, but when the app is deployed to public it sends an error: The server method 'GenFilter' failed with the following error: Invalid cross domain requestWeb.config settings:<add verb="*" path="*.asbx" type="Microsoft.Web.Services.ScriptHandlerFactory" validate="false"/><add verb="*" path="iframecall.axd" type="Microsoft.Web.Services.IFrameHandler" validate="false"/><add verb="*" p...

Isolating HTTP request.form params within Session
We have an application that sends http posts to our ASP.NET web app, frequently in rapid succession. Each request comes from the same application (client) and uses the same credentials, so those requests all appear to be executing in the same session. I created a "request" object to contain the request.form params and instantiate it at session start. It looks like the next request is over-writing the session variables populated from the previous request before the previous request is finished. How do I ensure a unique session (and session variables) for each request when ...

Session Variables not retaining the values on page post back [:(]
Hi, I have a application(ASP.NET 2.0, C#) which works absolutely fine in my local development machine. But, once its deployed to my QA server, session variables are not retaining the values on page post back . But a different application(ASP.NET 2.0, C#) hosted on the same server works fine, with all session variables retaining the values. What is the work around? Any ideas appreciated Thanks in advanceIf you keep your feet firmly on the ground, you'll have trouble putting on your pants! HI, narik : Many reasons will cause session variables losing in the runtime. You can followi...

Session variable between web forms and Data Access Layer
I am using ASP.NET 2.0 with c#. I am trying to declare a global session object that will be used in both c# Class files (DAl) and my web forms (Presentation Tier). Now my session object is Session["Bookid"].  The value stored in this session object is the value from a selected item in my dropdown control. That works fine. But I want this Session object to be used in a (DAL) but the value is null.  Here is exactly what i am trying to do. 1). Select item from dropdown control (from Web form)2). Assign the selected item to Session["Bookid"]3). Access that Session ...

HTTP Web Request to site using Session ID
Hi there I have some code that needs to make a HTTP request to a site which uses session id's I have the code working fine against sites which don't use session id's already. I was wondering if anybody had any advice on ways to deal with this. I have investigated all of the client side code from the site and cant see an reference to a session id so Im assuming it is a session state. My next thing to try is to see if the server will assign a session to my app but if that doesn't work then I am a bit stuck. Any ideas or suggestion are most welcome. CheersJustin Hewitt "Creati...

XML HTTP Request Object Use With Cross-Domain Scripting
[It has been recommended I post this in, although this is really a general use of Javascript in Firefox, and not actually any add-on I am developing for the HTTP client.] I ran into an issue where my interactive web document presents a form to the user and processes the form data by sending HTTP request to a server with a scientific database. Although I would get an XmlHttpRequest.readyState == COMPLETE condition, the XmlHttpRequest.status value was zero and not the usual 3-digit code (preferably 200). I kept saying "WTF" until numerous...

XML HTTP Request Object Use With Cross-Domain Scripting
I ran into an issue where my interactive web document presents a form to the user and processes the form data by sending HTTP request to a server with a scientific database. Although I would get an XmlHttpRequest.readyState == COMPLETE condition, the XmlHttpRequest.status value was zero and not the usual 3-digit code (preferably 200). I kept saying "WTF" until numerous google result searches appeared to indicate it was a security issue. I switched to using IE9 to see what was going on, and sure enough, IE9 reported a PERMISSION error at the call to the XmlHttpR...

Acessing variables, objects and functions from javascript to VB .NET Web Forms
I have included some javascript files in my application. I want to access the variables, objects and functions of Javascript to the VB.NET Web Forms, which means that I want to transfer the methods from Javascript to the code-behind in a web form. How do I do this? Can anybody help me with some sample codes...thanks in advance . you can't pass javascript variables (client side) to code-behind (server side). you can however put your variables into hidden input fields then access those input fields from code-behind. or use ajax I think the only way to do this is...

Acessing variables,arrays, objects and functions from javascript to VB .NET Web Forms
I have a textbox where user can put data.I store data into an array .I did this with java i want to acess the array from the Codebehind  in web is the codefunction MakeArray( n ) { if( n <= 0 ) { this.length = 0; return this; } this.length = n; for( var i = 1; i <= n; i++ ) { this[ i ] = 0; } return this; } var Form1 = new MakeArray( 25 ); var index = 0; var cmmnd = 1; function f_store( sTR ) { var i; if( index >= Form1.length ) { for( i = 1; i < Form1.length; i++ ) Form1[i-1] = Form1; index = Form1.length - 1; } Form1[ index ] = cmmnd + ":" + sT...

superreview requested: [Bug 410500] Add "Web form password" description to web form keychain items : [Attachment 295140] fix
Stuart Morgan <> has asked Mark Mentovai <> for superreview: Bug 410500: Add "Web form password" description to web form keychain items Attachment 295140: fix ...

Why a hidden variable is present on Page but Request.Form[controlID] is NULL, when Posted back in some scenarios.
Hi All, I have following scenario of my application:1.       Opened an customer info view(readonly controls)  page in the  browser window2.       Ctrl N to call the same view page in another window3.       I have a html hidden variable/control to keep track some data on page and default to “” For ex: <input type="hidden" id="ThresholdControlArray" name="ThresholdControlArray" value="" />4.       I entred i...

Is "Session" the best solution for transfering variables between "Web Forms"??
Hi all; I am using an ASP.NET Web Application (with VB.NET)... and this App used to manage customers' requests.. so, ther user will handel customer#1 data for a while, then he (the user) will handle the data of customer#2. and so on.. And I need to transfer some variables value from one page (Web Form) to onother pages (Web Forms), Is the "Session" variable the BEST solution? and do you recommend me to increase its live to 60 mins or more. (In case the user need approx. 1 hour to handle customer#1 data!!)?? Example of values I want to transfer: CustomerID, RequestNo, Co...

Web Service, Web Forms shared session
How could I share session between Web Service and Web Forms (they are in the same project). There is no problem when I refer to session in only one of them. But when I declare session value in one of them - second doesn't see it (== null).I put session ID in CookieContainer for Web Service, but I want to pass session values farther - to *.aspx sites of this project. Hi,You can't share session directly withing different projects of solution.One way of solution is use of StateServer mode of session.Thanks. Shah Dharnendra GSr.Analyst Programmer,GTL-Ahmedabad...

Web resources about - Http post request cross domain retaining session variables -

Retaining wall - Wikipedia, the free encyclopedia
... on the opposite side. The walls must resist the lateral pressures generated by loose soils or, in some cases, water pressures . Every retaining ...

Western Sydney confident of retaining Ono
WESTERN SYDNEY are in no rush to extend Shinji Ono's contract despite the threat of losing the Japanese star to a rival A-League club at the ...

Raiders hope cutting prices will be just the ticket to retaining members
The Raiders will cut their cheapest adult ticket price at the turnstiles by 34 per cent in an attempt to make NRL games more affordable next ...

North Queensland Cowboys 2015 NRL premiers: Peter Parr confident of retaining grand final side long term ...
NORTH Queensland supremo Peter Parr is quietly confident the club can keep cashed up rivals at bay despite up to nine of their grand final winning ...

Fox Sports and Seven tie up AFL rights in $2.5bn deal with Telstra retaining digital rights
News Corp owned Fox Sports and Seven Network have tied up the rights for the AFL for six years for a record breaking $2.508bn, double the previous ...

Australian Rugby Union confident of retaining Israel Folau 'longer-term'
The Australian Rugby Union is confident it can fend off a raid from the NRL and lock in dual international Israel Folau for as long as three ...

Tips for retaining employees from Takor’s Amir Farhand
Australian geospatial startup Takor has been operating for nearly seven years now and CEO Amir Farhand says he’s yet to lose one employee.

Essendon Bombers still hopeful of retaining Jake Carlisle and Jake Melksham
Essendon have not given up hope of convincing wantaway duo Jake Carlisle and Jake Melksham to stay now that John Worsfold has been installed ...

Right move in retaining telco bar
THE Abbott government has made the right call in continuing Labor's ban on participation in the NBN network by the Chinese telco giant Huawei. ...

Rio Tinto's Andrew Harding confident of retaining lowest iron ore costs
Rio Tinto's iron ore head says a proactive strategy on technology will stand it in good stead to preserve its ranking as the lowest cost producer ...

Resources last updated: 2/17/2016 1:41:59 AM