Session variables with SSL
Moderator: General Moderators
-
DudeBori82
- Forum Commoner
- Posts: 26
- Joined: Thu Nov 18, 2004 10:09 am
- Location: Florida
Session variables with SSL
When the customer is ready to check out. They click checkout and it sends them to a page (secured by a shared security SSL) for them to enter in the payment information, etc. The problem is that when I use the shared security access url, I loose all the info that was stored in the previously created session array (the shopping cart). Then when they go to check out, everything in their cart dissapears. Any suggestions?
The session cookie isn't valid for your domain anymore, because most likely your SSL certificate is not issued for your site, but shared. For a long explanation see http://www.modwest.com/help/kb5-264.html
-
DudeBori82
- Forum Commoner
- Posts: 26
- Joined: Thu Nov 18, 2004 10:09 am
- Location: Florida
-
DudeBori82
- Forum Commoner
- Posts: 26
- Joined: Thu Nov 18, 2004 10:09 am
- Location: Florida
Ok, here's a question. If I cannot use the same session array when moving to an SSL page, I will have to pass this session array through POST. How should I go about doing it? Here's an idea, tell me if you have anything better
Page 1:
Page 2:
I am attempting to dynamically create variables. I am not sure if this will work. If there's a better way, please tell me.
Page 1:
Code: Select all
<?php
while ($i <= sizeof($_SESSION['cart'])){?>
<input type="hidden" name="Product_ID<? echo $i; ?>" value="<? echo $_SESSION["cart"][$i]['Product_ID']; ?>">
$i++;
}
<input type="hidden" name="items" value="<? echo ($i - 1); ?>">
?>Code: Select all
<?php
while ($i <= $_POST['items']) {
$_SESSION["cart"][$i]['Product_ID'] = $_POST['Product_ID$i'];
$i++;
}
?>-
DudeBori82
- Forum Commoner
- Posts: 26
- Joined: Thu Nov 18, 2004 10:09 am
- Location: Florida
you might also look at serialize()
serialize all your variables, pass the result in a hidden field, then unserialize on the ssl page
watch out for magic_quotes, you might need to do a stripslashes when receiving the data
but if its on the same server, maybe you could just pass the SID through the url or a hidden form field.
serialize all your variables, pass the result in a hidden field, then unserialize on the ssl page
watch out for magic_quotes, you might need to do a stripslashes when receiving the data
but if its on the same server, maybe you could just pass the SID through the url or a hidden form field.
-
DudeBori82
- Forum Commoner
- Posts: 26
- Joined: Thu Nov 18, 2004 10:09 am
- Location: Florida