Re: http to https session problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, June 9, 2005 7:43 am, Joe Harman said:
> I am having a little problem with users keeping the same session id
> when they go from http to https... is there a work around for this...
> I don't appear to have this problem when using openSSL just when the
> site has it's own certificate.
>
> should I store the session id in a cookie??? or is there another way or
> setting

A Cookie would be a fine way to pass it, or in the URL.

You probably have a very clear user-interaction-path into and out of SSL
anyway, so you'd only be changing a couple lines of code, in a
well-designed application.

Essentially, it's probably best to think of your HTTP and HTTPS as two
totally different servers, with nothing in common, even when, in fact,
they are the same server with the same files in the same exact hard drive
and all that.

Some hosts split HTTPS off on another box ; Some don't.

If you're ready for the split, you're more mobile.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux