Page 1 of 1

Session Cookies and Domains

Posted: Fri Mar 11, 2005 10:58 am
by neophyte
I'm having a problem. Session cookies that are set for:

http://mydomain.com/whatever

Are not available to my script for

https://secure.mydomain.com/whatever

Visitors are asked to login in http://mydomain.com/whatever. During the application process they are asked to make a payment. For which they are redirected to https://secure.server.com/whatever. However the security on the page checks for $_SESSION variables. But because they were created on http://mydomain.com/whatever I can't use them in https://secure.mydomain.com/whatever. Does anybody have a suggestion?

Thanks

Posted: Fri Mar 11, 2005 11:18 am
by feyd
  1. use database sessions.
  2. pass the session id via the url to the secure page
:?:

Posted: Fri Mar 11, 2005 11:46 am
by neophyte
Feyd's a genius!

Thanks for the tip Feyd.