On Thu, June 9, 2005 7:43 am, Joe Harman said: > I am having a little problem with users keeping the same session id > when they go from http to https... is there a work around for this... > I don't appear to have this problem when using openSSL just when the > site has it's own certificate. > > should I store the session id in a cookie??? or is there another way or > setting A Cookie would be a fine way to pass it, or in the URL. You probably have a very clear user-interaction-path into and out of SSL anyway, so you'd only be changing a couple lines of code, in a well-designed application. Essentially, it's probably best to think of your HTTP and HTTPS as two totally different servers, with nothing in common, even when, in fact, they are the same server with the same files in the same exact hard drive and all that. Some hosts split HTTPS off on another box ; Some don't. If you're ready for the split, you're more mobile. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php