Problems when switching to secure server

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
ssmedia
Forum Newbie
Posts: 3
Joined: Wed Jul 27, 2005 3:57 pm

Problems when switching to secure server

Post by ssmedia »

Hi people,

I have a site that has a SSL certificate (not a shared ssl), basically, if I login to my site then switch to a secure page, I automatically get logged out.

Anyone else had this problem? The site runs of PHP and MySQL.

Thanks.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Cookies are per domain.

https://www.example.com != http://www.example.com.

Thus, switching from one to the other means the cookie goes away. Making things even trickier, using the https site to set the cookie for the http site doesnt work - most browsers reject cross-site cookies.
ssmedia
Forum Newbie
Posts: 3
Joined: Wed Jul 27, 2005 3:57 pm

Post by ssmedia »

Hi Roja,

Thanks for the reply,

So once I enter the secure section of my site, all data is lost, here is a scenario:

I browse the shop >>> add content to my basket >>> click on the checkout button >>> all data is lost because I entered the secure server.

It works vice-versa, if I login to the site using the secure server then switch to the regular server, all data is lost.

There is something messed up my code, there has gotta be.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

ssmedia wrote: There is something messed up my code, there has gotta be.
Not at all. Read my reply again. You switch from one domain to another. From the http domain, to the https domain. They are seperate.

The way ecommerce sites usually handle it is to pass the session id in the url between the two. You build a full session for the user on the db, pass the session id, and when they reach the secure side, you use the url-passed session id to establish their session.
ssmedia
Forum Newbie
Posts: 3
Joined: Wed Jul 27, 2005 3:57 pm

Post by ssmedia »

You obviously know way more than me, I used a free CMS, hence the problems. Would you mind taking a look at my site?

Thanks
Post Reply