Posted by totalstranger on 10/21/07 20:17
On or about 10/21/2007 4:15 PM, it came to pass that totalstranger wrote:
> On or about 10/19/2007 10:09 AM, it came to pass that Steve wrote:
>> "totalstranger" <totalstranger@not.yahoo.net> wrote in message
>> news:4iIRi.294$TT4.206@newsfe12.lga...
>>> My Bluehost site is setup with a dedicated IP address, Rapid SSL
>>> certificate, PHP 5 and FastCGI is set on.
>>>
>>> When switching between HTTP and HTTPS I was under the impression the
>>> Session Data was independent for each protocol and I've read about
>>> various methods of storing session data in a database to bypass this
>>> problem. However while testing what I thought was incomplete code (no
>>> $_Session preservation code in place), I've discovered this is not
>>> true on my site.
>>>
>>> In other words I go from HTTP (request login), to HTTPS (do login and
>>> set SESSION variables), then back to HTTP(to maintain data), the
>>> session variables set in HTTPS are usable in HTTP and I get the exact
>>> same session id with both protocols without any code to preserve the
>>> $_SESSION data between protocols. While this may make my coding
>>> easier, it gives me a sense that something is wrong and I have a
>>> security risk. Can anyone confirm this is the way it's supposed to work?
>>
>> why is *any* of this a surprise OR security risk? ssl is a means to
>> secure the communication between the client and server. sessions
>> relate to either cookies on the client or session files on your
>> server. none of that has *any* relation to secured sockets or not.
>> your spidey senses are simply whacked. why *should* this work any other
>> way? are you suggesting that ssl protects *you* from being hacked?
>> that's not only a misconception, it's a dangerous mentality.
>>
>> sessions are hard to coordinate between *domains*...not HTTP&S.
>>
> Wow! You must have born with a full insight to everything!
Umm, before Steve objects to my English, that should have been
Wow! You must have been born with a full insight to everything!
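As an added example (not code from anyone in this thread), here is one way the setup in the original question can be handled in PHP so that the session ID minted during the HTTPS login is never sent over plain HTTP: mark the session cookie `secure` and regenerate the ID at login. It assumes PHP 7.3 or later for the array form of `session_set_cookie_params`; the function names are this example's own.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.
// Point: a session cookie without the Secure attribute is sent by the
// browser on both http:// and https:// requests, so the same session ID
// (and any logged-in state behind it) crosses the wire in clear text
// whenever the visitor hits an HTTP page. Marking the cookie Secure and
// regenerating the ID at login keeps the post-login ID on TLS only.

function isHttps(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Start (or resume) a session whose cookie the browser will only send
// over HTTPS. Call this from pages served over TLS only; on a plain HTTP
// page the browser withholds the cookie, so the visitor is anonymous there.
function startSecureSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, dropped when browser closes
        'path'     => '/',
        'secure'   => true,     // never sent over plain HTTP
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Login handler for the HTTPS page. $user is assumed to have been
// authenticated already; only the session handling is shown.
function completeLogin(string $user): void
{
    if (!isHttps()) {
        http_response_code(400);
        exit('Login is only accepted over HTTPS.');
    }
    startSecureSession();
    // Discard the pre-login ID, which may already have been observed on
    // an HTTP request, and issue a fresh one that only ever travels over TLS.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['authenticated_at'] = time();
}
```

With this in place the behaviour the original poster read about (separate, non-shared state per scheme) is what actually happens, because the HTTP side never receives the secure cookie at all.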