Passing Session securely to shared ssl domain
Posted: Wed Dec 17, 2008 11:54 am
Here is my situation, I have an e-commerce site http://www.mydomain.com and my host only supports shared ssl certificates, they do not allow private ssl certificates. In order to easily keep the php session going for the shopping cart on the secure server which is https://mydomain.hostdomain.com, I am redirecting http://www.mydomain.com to http://mydomain.hostdomain.com as my sites address, which works fine.
I would however like to use my actual domain for my site because it would look more professional to customers, but what is the best way to do that? I know I could use http://www.mydomain.com and pass the session id through a url to the secure server and recreate the session there, but I'm wondering if that creates too much of a security risk and if not, what is the best way to do it securely?
I would however like to use my actual domain for my site because it would look more professional to customers, but what is the best way to do that? I know I could use http://www.mydomain.com and pass the session id through a url to the secure server and recreate the session there, but I'm wondering if that creates too much of a security risk and if not, what is the best way to do it securely?