Page 1 of 1

Problems when switching to secure server

Posted: Wed Jul 27, 2005 4:00 pm
by ssmedia
Hi people,

I have a site that has a SSL certificate (not a shared ssl), basically, if I login to my site then switch to a secure page, I automatically get logged out.

Anyone else had this problem? The site runs of PHP and MySQL.

Thanks.

Posted: Wed Jul 27, 2005 4:48 pm
by Roja
Cookies are per domain.

https://www.example.com != http://www.example.com.

Thus, switching from one to the other means the cookie goes away. Making things even trickier, using the https site to set the cookie for the http site doesnt work - most browsers reject cross-site cookies.

Posted: Wed Jul 27, 2005 4:54 pm
by ssmedia
Hi Roja,

Thanks for the reply,

So once I enter the secure section of my site, all data is lost, here is a scenario:

I browse the shop >>> add content to my basket >>> click on the checkout button >>> all data is lost because I entered the secure server.

It works vice-versa, if I login to the site using the secure server then switch to the regular server, all data is lost.

There is something messed up my code, there has gotta be.

Posted: Wed Jul 27, 2005 4:58 pm
by Roja
ssmedia wrote: There is something messed up my code, there has gotta be.
Not at all. Read my reply again. You switch from one domain to another. From the http domain, to the https domain. They are seperate.

The way ecommerce sites usually handle it is to pass the session id in the url between the two. You build a full session for the user on the db, pass the session id, and when they reach the secure side, you use the url-passed session id to establish their session.

Posted: Wed Jul 27, 2005 5:01 pm
by ssmedia
You obviously know way more than me, I used a free CMS, hence the problems. Would you mind taking a look at my site?

Thanks