On 5/22/06, Michael Satterwhite <michael@xxxxxxxxxxx> wrote:
I have a site that is using a shared ssl certificate. When running on
the site, the host is of the form <host.com>. When running in ssl mode,
the domain is of the form <host>.<certhost>.com. ping shows that both
resolve to the same ip address.
Is there a way to create a cookie in the unsecured area and have it
available when going through the ssl certificate?
tia
---Michael
--
Fight software piracy!
Don't pirate MS Office - that's theft.
Instead, use ours - it's legal and free
www.openoffice.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
If by cookie you mean your PHPSESSION cookie, this is sort-of
possible. My work has a shared certificate for those whom don't wish
to purchase their own. This only works if http and https servers are
on the same machine.
- on regular page (cart) make link to another regular page (checkout)
that should become secure
- save session id to db, fetch last returned id.
- create ssl href with ?id=last returned id
- load session from the DB using the key
- delete session id from DB since it is now shared between domains
- call session_regenerate_id
...becomes...
http://www.example.com/cart.php
http://www.example.com/checkout.php
https://ssl.example.com/example/checkout.php
I'm not really sure how important the whole hide the session id thing
is considering I regenerate the ID. But better safe than sorry I
guess. :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
