Session variables with SSL

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
DudeBori82
Forum Commoner
Posts: 26
Joined: Thu Nov 18, 2004 10:09 am
Location: Florida

Session variables with SSL

Post by DudeBori82 »

When the customer is ready to check out. They click checkout and it sends them to a page (secured by a shared security SSL) for them to enter in the payment information, etc. The problem is that when I use the shared security access url, I loose all the info that was stored in the previously created session array (the shopping cart). Then when they go to check out, everything in their cart dissapears. Any suggestions?
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

The session cookie isn't valid for your domain anymore, because most likely your SSL certificate is not issued for your site, but shared. For a long explanation see http://www.modwest.com/help/kb5-264.html
DudeBori82
Forum Commoner
Posts: 26
Joined: Thu Nov 18, 2004 10:09 am
Location: Florida

Post by DudeBori82 »

yup, that's what's happening. I guess I could pass them tediously using the POST method to the SSL page and then re-insert them to a new session array on the SSL page.
DudeBori82
Forum Commoner
Posts: 26
Joined: Thu Nov 18, 2004 10:09 am
Location: Florida

Post by DudeBori82 »

Ok, here's a question. If I cannot use the same session array when moving to an SSL page, I will have to pass this session array through POST. How should I go about doing it? Here's an idea, tell me if you have anything better

Page 1:

Code: Select all

<?php
while ($i <= sizeof($_SESSION['cart'])){?>
      <input type="hidden" name="Product_ID<? echo $i; ?>" value="<? echo $_SESSION["cart"][$i]['Product_ID']; ?>">
      $i++;
}
<input type="hidden" name="items" value="<? echo ($i - 1); ?>">
?>
Page 2:

Code: Select all

<?php
while ($i <= $_POST['items']) {
      $_SESSION["cart"][$i]['Product_ID'] = $_POST['Product_ID$i'];
      $i++;
}

?>
I am attempting to dynamically create variables. I am not sure if this will work. If there's a better way, please tell me.
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Personally, I haven't tried this, but I would check which website issues the SSL, then read out your domain's session-cookie, then set an identical cookie with the domain-name of the SSL issuer.
DudeBori82
Forum Commoner
Posts: 26
Joined: Thu Nov 18, 2004 10:09 am
Location: Florida

Post by DudeBori82 »

What do you mean by "read out"?
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

basically, make a copy of the values in the session cookie (session id etc.).
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

you might also look at serialize()

serialize all your variables, pass the result in a hidden field, then unserialize on the ssl page

watch out for magic_quotes, you might need to do a stripslashes when receiving the data


but if its on the same server, maybe you could just pass the SID through the url or a hidden form field.
DudeBori82
Forum Commoner
Posts: 26
Joined: Thu Nov 18, 2004 10:09 am
Location: Florida

Post by DudeBori82 »

what is the "SID"? Do you mean session ID?
DrHoliday
Forum Newbie
Posts: 11
Joined: Mon Dec 06, 2004 5:12 pm
Location: Germany

Post by DrHoliday »

Maybe it's easier to just pass the session ID (retrieved by session_id()) to the first https site, and then set it for the new domain with the same function. But i don't know if this works, just a thought.

Wolfgang
Post Reply