|
Posted by Joe Harman on 10/22/41 11:18
On 6/11/05, Joe Harman <cjharman@gmail.com> wrote:
> On 6/11/05, Richard Lynch <ceo@l-i-e.com> wrote:
> > On Thu, June 9, 2005 7:43 am, Joe Harman said:
> > > I am having a little problem with users keeping the same session id
> > > when they go from http to https... is there a work around for this...
> > > I don't appear to have this problem when using openSSL just when the
> > > site has it's own certificate.
> > >
> > > should I store the session id in a cookie??? or is there another way or
> > > setting
> >
> > A Cookie would be a fine way to pass it, or in the URL.
> >
> > You probably have a very clear user-interaction-path into and out of SSL
> > anyway, so you'd only be changing a couple lines of code, in a
> > well-designed application.
> >
> > Essentially, it's probably best to think of your HTTP and HTTPS as two
> > totally different servers, with nothing in common, even when, in fact,
> > they are the same server with the same files in the same exact hard drive
> > and all that.
> >
> > Some hosts split HTTPS off on another box ; Some don't.
> >
> > If you're ready for the split, you're more mobile.
> >
> > --
> > Like Music?
> > http://l-i-e.com/artists.htm
> >
> >
>
> Yep... i am going to have to keep something in a cookie to identify
> the user if they come back to the site... I was trying to avoid the
> whole P3P things with cookies... not that it's hard... it's jsut a
> pain in the butt :o)
>
> Thanks! Cheers!
>
Yep... i am going to have to keep something in a cookie to identify
the user if they come back to the site... I was trying to avoid the
whole P3P things with cookies... not that it's hard... it's jsut a
pain in the butt :o)
Thanks! Cheers!
--
Joe Harman
---------
Do not go where the path may lead, go instead where there is no path
and leave a trail. - Ralph Waldo Emerson
[Back to original message]
|