Sessions / https problem
Posted: Thu Aug 19, 2004 5:40 pm
I've got a fairly major problem whereby session ids are being just randomly reassigned for reasons I can't comprehend. A user will be on the site, has a session ID... I can track them and have been.
As soon as they move over to https, potential for tragedy begins and the server seems to be deciding willy-nilly to hand out new IDs. I've seen a single user in a single browsing session with 3 different session IDs. It doesn't seem to necessarily do it EVERY page but it often does. Now, all the session data is being maintained; if that user goes BACK to regular http, they can regain their old session id and see all their data is still there. I'm totally lost on this now.
I should mention that this affects only a small number of people. And from the statistics I've gathered there is NO connection between them in terms of time of day, browser, platform, IP, or anything else that might make sense.
As soon as they move over to https, potential for tragedy begins and the server seems to be deciding willy-nilly to hand out new IDs. I've seen a single user in a single browsing session with 3 different session IDs. It doesn't seem to necessarily do it EVERY page but it often does. Now, all the session data is being maintained; if that user goes BACK to regular http, they can regain their old session id and see all their data is still there. I'm totally lost on this now.
I should mention that this affects only a small number of people. And from the statistics I've gathered there is NO connection between them in terms of time of day, browser, platform, IP, or anything else that might make sense.