Posted by Simon Stienen on 08/09/05 22:49
On 2005-08-09 16-27-39 Grunff <grunff@ixxa.com> wrote:
> I'm experiencing an interesting problem with carrying a php session over
> from http to https. Much googling later, I'm still stuck.
>
> The application is an online shop, where some user data is stored in the
> session. As the user proceeds to checkout, we switch over to https. This
> is all done on the same physical server, under the same domain (which
> has an SSL cert).
>
> The session ID is carried over fine - I can read the session ID from
> http and https and it is the same. However, when I try to access a
> session variable e.g. $_SESSION['s_userid'], I can only do it using
> whichever protocol was used to write the variable in the first place.
>
> Let me explain more. If I save some user info in session variables from
> pages accessed via http, then I try to read these variables from pages
> accessed via https, they are empty.
>
> I just want to make it clear that the problem is not that the session ID
> is not available to the https pages - it is, and it's the same session id.
>
> So, any idea what's going on here? It seems that there are two sessions
> being created with the same session ID, one for http and one for https.
> Is that what happens? If so, how do I get around it? How do I access the
> session data from my https pages?
>
> Any help much appreciated.

Is your HTTPSd configured to use other temporary directories? Or maybe the
secure site runs under a different user, so the user is not allowed to read
the existing session? (Safe mode postfixes Authentication realms with the
user id, so it is possible that the files holding the session data are
prefixed, too.)
HTH,
Simon
--
Simon Stienen <http://slashlife.org/>
"What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done."
/Sherlock Holmes in A Study in Scarlet by Sir Arthur Conan Doyle/
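
One way to check both possibilities raised in the reply above (a different session directory, or a different user for the secure site), as an added example that is not part of the original thread. It assumes PHP's default `files` session handler, which names each file `sess_<id>`; the helper name `session_storage_report` is hypothetical.

```php
<?php
// Added diagnostic, not from the original thread. Assumes the default "files"
// session handler, which stores each session as <save_path>/sess_<id>.
// session_storage_report() is a hypothetical helper name.
function session_storage_report()
{
    // session.save_path may be "N;/path" or "N;MODE;/path"; keep the path part.
    $parts = explode(';', (string) ini_get('session.save_path'));
    $dir   = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // the files handler falls back to the temp dir
    }

    $isHttp = empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off';
    $report = array(
        'scheme'       => $isHttp ? 'http' : 'https',
        'save_handler' => ini_get('session.save_handler'),
        'save_path'    => $dir,
        // Effective user of the PHP process (needs the POSIX extension).
        'process_euid' => function_exists('posix_geteuid') ? posix_geteuid() : 'n/a',
    );

    // Take the ID from the cookie and inspect the file without calling
    // session_start(), which would create a fresh file and hide the problem.
    $id = isset($_COOKIE[session_name()]) ? $_COOKIE[session_name()] : '';
    if (!preg_match('/^[A-Za-z0-9,-]+$/', $id)) {
        $report['session_file'] = 'no valid session cookie received';
        return $report;
    }

    $file = rtrim($dir, '/') . '/sess_' . $id;
    clearstatcache();
    $report['session_file'] = $file;
    $report['exists']       = file_exists($file);
    if ($report['exists']) {
        $report['owner_uid'] = fileowner($file);
        $report['mode']      = substr(sprintf('%o', fileperms($file)), -4);
        $report['readable']  = is_readable($file);
        $report['bytes']     = filesize($file);
    }
    return $report;
}

header('Content-Type: text/plain');
foreach (session_storage_report() as $key => $value) {
    echo str_pad($key, 14), var_export($value, true), "\n";
}
```

Request the script once over http and once over https with the same session cookie and compare the two outputs: a differing `save_path`, or an `owner_uid` that does not match `process_euid` with `readable` false, corresponds to the two causes suggested in the reply. Remove the script once the comparison is done.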