Page 1 of 1
session lost in https
Posted: Tue Jun 23, 2009 6:41 am
by deepak10
When switching between HTTP and HTTPS,i lost all my session values,
how can i use the sessions over the http and https
i am passing session id over url to the secure page.but it is not working...
please do the needfull ........
thanks
Re: session lost in https
Posted: Tue Jun 23, 2009 7:30 am
by kaisellgren
Are you using PHP's session system? Did you set the Secure -flag (session.cookie_secure)?
Or maybe your domain name changes between the switch? From a sub-domain to domain or vice versa? Be sure to set the domain part properly in that case.
http://fi.php.net/manual/en/function.se ... params.php
Re: session lost in https
Posted: Wed Jun 24, 2009 12:20 am
by deepak10
session.cookie_secure flag is set to "on"
still i cannot pass php session variables from HTTP to HTTPS. Please find the code below which i have used to test.
HTTP file:
~~~~~~~~~~~
Code: Select all
<?php
session_start();
$currentSessionID = session_id();
$_SESSION['myvariable'] = 'It worked';
$secureServerDomain = 'www.somedomain.com';
$securePagePath = '/new/products/login.php';
echo '<a href="https://' . $secureServerDomain . $securePagePath . '?session=' . $currentSessionID . '">Click here to transfer your session to the secure server</a>';
?>
HTTPS file:
~~~~~~~~
Code: Select all
<?php
$currentSessionID = $_GET['session'];
session_id($currentSessionID);
session_start();
if (!empty($_SESSION['myvariable'])) {
echo $_SESSION['myvariable'];
} else {
echo 'It did not work.';
}
?>
Re: session lost in https
Posted: Wed Jun 24, 2009 6:16 am
by kaisellgren
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Z:\Portable Applications\nginx\htdocs\test2.php on line 5
That's the reason. You should turn on error reporting.
You don't really need to pass identifiers to the files. Your web browser will submit the identifier using cookies.