|
|
Posted by Grunff on 10/05/59 11:24
I'm experiencing an interesting problem with carrying a php session over
from http to https. Much googling later, I'm still stuck.
The application is an online shop, where some user data is stored in the
session. As the user proceeds to checkout, we switch over to https. This
is all done on the same physical server, under the same domain (which
has an SSL cert).
The session ID is carried over fine - I can read the session ID from
http and https and it is the same. However, when I try to access a
session variable e.g. $_SESSION['s_userid'], I can only do it using
whichever protocol was used to write the variable in the first place.
Let me explain more. If I save some user info in session variables from
pages accessed via http, then I try to read these variables from pages
accessed via https, they are empty.
I just want to make it clear that the problem is not that the session ID
is not available to the https pages - it is, and it's the same session id.
So, any idea what's going on here? It seems that there are two sessions
being created with the same session ID, one for http and one for https.
Is that what happens? if so, how do I get around it? How do I access the
session data from my https pages?
Any help much appreciated.
--
Grunff
Navigation:
[Reply to this message]
|