When switching between HTTP and HTTPS,i lost all my session values,
how can i use the sessions over the http and https
i am passing session id over url to the secure page.but it is not working...
please do the needfull ........
thanks
session lost in https
Moderator: General Moderators
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: session lost in https
Are you using PHP's session system? Did you set the Secure -flag (session.cookie_secure)?
Or maybe your domain name changes between the switch? From a sub-domain to domain or vice versa? Be sure to set the domain part properly in that case.
http://fi.php.net/manual/en/function.se ... params.php
Or maybe your domain name changes between the switch? From a sub-domain to domain or vice versa? Be sure to set the domain part properly in that case.
http://fi.php.net/manual/en/function.se ... params.php
Re: session lost in https
session.cookie_secure flag is set to "on"
still i cannot pass php session variables from HTTP to HTTPS. Please find the code below which i have used to test.
HTTP file:
~~~~~~~~~~~
HTTPS file:
~~~~~~~~
still i cannot pass php session variables from HTTP to HTTPS. Please find the code below which i have used to test.
HTTP file:
~~~~~~~~~~~
Code: Select all
<?php
session_start();
$currentSessionID = session_id();
$_SESSION['myvariable'] = 'It worked';
$secureServerDomain = 'www.somedomain.com';
$securePagePath = '/new/products/login.php';
echo '<a href="https://' . $secureServerDomain . $securePagePath . '?session=' . $currentSessionID . '">Click here to transfer your session to the secure server</a>';
?>~~~~~~~~
Code: Select all
<?php
$currentSessionID = $_GET['session'];
session_id($currentSessionID);
session_start();
if (!empty($_SESSION['myvariable'])) {
echo $_SESSION['myvariable'];
} else {
echo 'It did not work.';
}
?>
Last edited by Benjamin on Wed Jun 24, 2009 12:36 am, edited 1 time in total.
Reason: Changed code type from text to php.
Reason: Changed code type from text to php.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: session lost in https
That's the reason. You should turn on error reporting.Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Z:\Portable Applications\nginx\htdocs\test2.php on line 5
You don't really need to pass identifiers to the files. Your web browser will submit the identifier using cookies.