You are here: HTTP HTTPS Session question « All PHP « IT news, forums, messages
HTTP HTTPS Session question

Posted by totalstranger on 10/18/07 16:25

My Bluehost site is setup with a dedicated IP address, Rapid SSL
certificate, PHP 5 and FastCGI is set on.

When switching between HTTP and HTTPS I was under the impression the
Session Data was independent for each protocol and I've read about
various methods of storing session data in a database to bypass this
problem. However while testing what I thought was incomplete code (no
$_Session preservation code in place), I've discovered this is not true
on my site.

In other words I go from HTTP (request login), to HTTPS (do login and
set SESSION variables), then back to HTTP(to maintain data), the session
variables set in HTTPS are usable in HTTP and I get the exact same
session id with both protocols without any code to preserve the
$_SESSION data between protocols. While this may make my coding easier,
it gives me a sense that something is wrong and I have a security risk.
Can anyone confirm this is the way it's supposed to work?

Thank you

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация