On 6/11/05, Joe Harman <cjharman@xxxxxxxxx> wrote: > On 6/11/05, Richard Lynch <ceo@xxxxxxxxx> wrote: > > On Thu, June 9, 2005 7:43 am, Joe Harman said: > > > I am having a little problem with users keeping the same session id > > > when they go from http to https... is there a work around for this... > > > I don't appear to have this problem when using openSSL just when the > > > site has it's own certificate. > > > > > > should I store the session id in a cookie??? or is there another way or > > > setting > > > > A Cookie would be a fine way to pass it, or in the URL. > > > > You probably have a very clear user-interaction-path into and out of SSL > > anyway, so you'd only be changing a couple lines of code, in a > > well-designed application. > > > > Essentially, it's probably best to think of your HTTP and HTTPS as two > > totally different servers, with nothing in common, even when, in fact, > > they are the same server with the same files in the same exact hard drive > > and all that. > > > > Some hosts split HTTPS off on another box ; Some don't. > > > > If you're ready for the split, you're more mobile. > > > > -- > > Like Music? > > http://l-i-e.com/artists.htm > > > > > > Yep... i am going to have to keep something in a cookie to identify > the user if they come back to the site... I was trying to avoid the > whole P3P things with cookies... not that it's hard... it's jsut a > pain in the butt :o) > > Thanks! Cheers! > Yep... i am going to have to keep something in a cookie to identify the user if they come back to the site... I was trying to avoid the whole P3P things with cookies... not that it's hard... it's jsut a pain in the butt :o) Thanks! Cheers! -- Joe Harman --------- Do not go where the path may lead, go instead where there is no path and leave a trail. - Ralph Waldo Emerson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
