Posted by Erwin Moller on 11/15/77 11:24

Grunff wrote:

> I'm experiencing an interesting problem with carrying a php session over
> from http to https. Much googling later, I'm still stuck.
>
> The application is an online shop, where some user data is stored in the
> session. As the user proceeds to checkout, we switch over to https. This
> is all done on the same physical server, under the same domain (which
> has an SSL cert).
>
> The session ID is carried over fine - I can read the session ID from
> http and https and it is the same. However, when I try to access a
> session variable e.g. $_SESSION['s_userid'], I can only do it using
> whichever protocol was used to write the variable in the first place.
>
> Let me explain more. If I save some user info in session variables from
> pages accessed via http, then I try to read these variables from pages
> accessed via https, they are empty.
>
> I just want to make it clear that the problem is not that the session ID
> is not available to the https pages - it is, and it's the same session id.
>
> So, any idea what's going on here? It seems that there are two sessions
> being created with the same session ID, one for http and one for https.
> Is that what happens? if so, how do I get around it? How do I access the
> session data from my https pages?
>
> Any help much appreciated.
>
>

Hi,

I do not have a solution, but maybe something to get you going:
SESSION are based on some value of PHPSESSID, most of the time stored in a
cookie on the client browser.

Cookies set by a certain domain cannot be accessed by another domain.
Is it possible you switch also domains when you wsitch from http to https?

Like:
http://www.babelfish.com
to
https://www.purchasebabelfishhere.com

Regards,
Erwin Moller

[Back to original message]