Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    May 2006
    Posts
    107
    Thanks
    1
    Thanked 0 Times in 0 Posts

    ssl and session issue

    my session is working fine with http, i am able to save data in session var and get it with http, but i want to access these session variables with https as, when i try to do i not able access them with https, please help me in this issue,

    thanks in advance.

  • #2
    New Coder
    Join Date
    Nov 2006
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sessions won't pass between the two virtual hosts.. before going to https, store an id in the database and pass it to https via browser..

  • #3
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,147
    Thanks
    2
    Thanked 333 Times in 325 Posts
    You might also be able to pass the session ID as part of the url - http://www.phpbuilder.com/board/show...php?t=10305775
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #4
    Regular Coder
    Join Date
    May 2006
    Posts
    107
    Thanks
    1
    Thanked 0 Times in 0 Posts
    isn't there any other way to solved this issue, one more thing to tell you is i am not using self assigned certificates, I am using 3rd party certificates.

  • #5
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,147
    Thanks
    2
    Thanked 333 Times in 325 Posts
    There is apparently a standard/requirement - RFC2109 - that says that http and https sessions are separate and that a browser cannot pass information between them. See this interesting link - http://www.ciac.org/ciac/bulletins/l-010.shtml

    Researching further, I believe that browsers keep a separate cache of cookies for each protocol. I found a browser inspector that had separate deleted functions for http and https cookies. I also searched for several combinations of "http https session cookie" and all of the solutions involve passing the session id as part of the URL. There were even hits for oscommerce where if they were deliberately not using cookies for sessions, this worked (the session id was already automatically being passed as part of the URL) and did not work when using cookies to pass the session id.

    This is more than I ever wanted to know about https and sessions but it is pretty definitive about what will and won't work.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •