Http to Https - New Session?

On my session.Open() event I check to see if they’re session is secure or not and then reroute them.

if not Session.Secure and not DebugBuild then dim params() as String for i as Integer = 0 to Session.URLParameterCount - 1 dim pName as string = Session.URLParameterName(i) params.Append(EncodeURLComponent(pName)+"="+EncodeURLComponent(Session.URLParameter(pName))) next Dim url As String = "https://" + hostname + "/" if params.Ubound > -1 then url = url + "?" + join(params,"&") if HashTag <> "" then url = url + "#"+HashTag ShowURL(url) end

I’m not sure if I should “return” after the ShowURL.
I have additional logic initializes session variables.
When I redirect them does it create a new session where I need to pass over the parameters and hash tag.
Or should I not return and still do this initial setup and it will continue through to the HTTPS redirect.

It does create a new session.

I should probably do a:

session.Quit return
at the end of that branch then

It appears doing this causes the web app to appear to go offline for a second before navigating them to the secured site. Is there a way to avoid this?

Does PrepareSession() happen after the Open event or before? Would this be a better location for this?

I wouldn’t call Session.Quit. You can probably let the unsecured sessions die on their own. If it becomes a problem, put weakrefs to them in an array and use a timer to call quit in 30 seconds or so.

ShowURL(url) self.Timeout = 1 return

Will the self.Timeout work for getting uneeded session to expire quicker?

[quote=137117:@Brock Nash] ShowURL(url) self.Timeout = 1 return

Will the self.Timeout work for getting uneeded session to expire quicker?[/quote]
No, and it may make it take even longer. Session.TimeOut sets up a timer on the browser side so you can warn users about inactivity.