HttpWebRequest - Session expires using SSL Certificate



I am attempting to connect to a website that sports an SSL
The basic operations are these:
Post the user account to the site
Parse the response page for some instance specific data
Post this data to another URL site
Post the password to the site

What happens is that when I Post the instance specific data to the
website, I receive the error "Session has expired" in the
HttpWebResponse. (Like what you would receive by clicking Back or
Refresh on a credit card or banking site).

Using Fiddler to view the HTTP traffic on my system, I see that there
are two cookies received from the first HttpWebResponse, which I save
correctly and send with the subsequent requests. The difference in
the output between my program and the browser, is that when performing
the process manually through the browser, the browser sends a cookie
with the initial request. The cookie name is the same whether I use
Internet Explorer or Firefox, and of course, the Value is unique for
each session.

It appears that a unique session id is created on the client machine
prior to any GETs or POSTs. Nothing appears in the IIS log on the
server prior to the initial POST and Fiddler on the client machine
does not indicate any communication other than some CONNECTs prior to
the first POST (presumably to get the certificate).

In viewing HTTP traffic to other secure sites, I see that it is common
for state cookies to be sent with the initial POST, though the number
and names of these cookies varies. It appears that something on the
Web Server, possibly with the certificate, directs the client on how
to set up the initial session data.

My question is this: How is the initial session data generated?


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question