Hi All, Ok.. here's the scoop! Background: Client owns one ecommerce site. We're building another ecommerce site with different products/theme. To save on costs.. client wants to use his SSL server of the first Ecommerce site for this new site. Problem: Initially wanted to use cookies to store the session variable which holds shopping cart contents. Can't do that because of the different domains ( <http://www.newsite.com> http://www.newsite.com AND <https://oldsite.com> https://oldsite.com). Went to sessions and passed the PHPSESSID to the secure area to transfer customer data. This works fine until the transaction is complete and we pass the visitor back to the non-secure site...session is still active UNTIL a page refresh is done by the visitor. Even more of a problem is when I close down ALL windows.. hell even if I reboot the client computer and go back to the site the session is still active UNTIL a manual refresh of the page is done. Can anyone help me in how I do a full proof method of expiring sessions and session data once I have finalized the order? Thanks all. Any help is appreciated! Regards, Aaron
