I've implemented a security method where a user goes to a page, if they are are session authenticated, they redirect to a central login page, and then if they login correctly they are redirected back to the originating page with the session variable true. I'm basically using javascipt to accomplish this at the top of each file I want to protect:
if(Session("Authenticated") != "-1")
{
var curLoc = "http://" + Request.ServerVariables("SERVER_NAME") + Request.ServerVariables("URL");
Response.Redirect("http://" + Request.ServerVariables("SERVER_NAME") + "/security/login.asp?destPage=" + curLoc);
}
The destination page is passed in the querystring, and that's how it knows where to go back to. Our servers are set up so that we have a production server, and then the test server is a virtual directory off the main web, so our paths look like intranet.domain.com, and our test environment is test.domain.com, but they are technically in the same "website" under IIS.
My process works in the test environment, but doesn't in the production environment. It is the same code, so I don't know what else could be causing it to have problems. The redirects are working, and the login is passing, its just not getting the session variable in the prod setting - it just goes in an endless loop. What else can I look for that might be different between the two domains? Thanks!