|
|
Posted by "Richard Lynch" on 09/28/73 11:18
On Thu, June 9, 2005 7:43 am, Joe Harman said:
> I am having a little problem with users keeping the same session id
> when they go from http to https... is there a work around for this...
> I don't appear to have this problem when using openSSL just when the
> site has it's own certificate.
>
> should I store the session id in a cookie??? or is there another way or
> setting
A Cookie would be a fine way to pass it, or in the URL.
You probably have a very clear user-interaction-path into and out of SSL
anyway, so you'd only be changing a couple lines of code, in a
well-designed application.
Essentially, it's probably best to think of your HTTP and HTTPS as two
totally different servers, with nothing in common, even when, in fact,
they are the same server with the same files in the same exact hard drive
and all that.
Some hosts split HTTPS off on another box ; Some don't.
If you're ready for the split, you're more mobile.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|