Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New Coder
    Join Date
    Jun 2004
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question help with keeping session info when going from http to SSL

    HELP.....lol....

    Ok so I am just learning how to use PHP. I have modified a shopping cart/catalogue system, to suit my sites needs. It was going so well, I have it working 100% the way i want it to. Then I got to the page that takes the card info. So I set it up to go to my SSL. But now when the user proceeds to that page, from the checkout page, the $HTTP_SESSION gets lost.

    So basically it goes like this,

    user hits the purchase button on the checkout.php page

    the user gets redirected to the "https" purchase.php page.

    when the user gets to that page the cart reads empty.

    Now I know that the session is getting lost cause of the domain change, or at least I think.

    I read in a forum that there is a way of using the session_id() to get this to work. But I dont understand how to get this to work.

    Does ne body have any suggestions?


    Thank u in advance,
    ~Jason

  • #2
    New Coder
    Join Date
    May 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have had the same problem and never found a solution. I have tried serializing the session and sending it via GET to the SSL page and trying to pick it up again, but even that failed.

    If anyone has figured it out, do tell. As it drove me nuts for 2 months not being able to resolve it.
    cpCommerce - Finally a template based open-source e-commerce solution

  • #3
    New Coder
    Join Date
    Jun 2004
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    yeah, I am still stumped by this. I know its gotta be posible, and probalbly very simple, but I am stumped nonetheless.

    So far I got the session_id to pass over to the SSL side, but it doesnt seem to effect the SSL session....



    anyhelp....please please please.....

    thanx
    ~Jason

  • #4
    Regular Coder
    Join Date
    May 2004
    Location
    sweden
    Posts
    236
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The solution is a question of logic. First the reason a session is lost is because the SSL is a shared one so the domain changes. Session cookies written for nthe old domain are not available to the new domain.

    The point of logic is that this is the finally step in the process and so you don't need Session any longer. You can transfer the information to the SSL form or site via POST or GET. Loop through the Session variable and create hiddens then send them.

    Hmm,
    You could talk to your provider about purchasing your own SSL certificate and setting up your domain with them so that the name does not change.

    The last option is one that is in the experimental area. You could try and rewrite the Session cookies to use the new domain name at the point of transfer. I am not sure if you can do this and redirect in a linear manner so that the new server will catch the new cookies.
    Carl McDade
    _____________
    Hiveminds Magazine
    for web publisher and community builders
    eRuby Tutorials

  • #5
    New Coder
    Join Date
    Jun 2004
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    thanx for your reply....but, I just got it to work....using the session_id

    so basically, understanding the fact that the session was not deleted but was just lost...I just needed to find a way to refind the lost session.

    SO what i did was passed the session_id as a post variable,

    recieved the post variable on the next SSL page, then used a if else statement that looks like this:
    PHP Code:
    if ($HTTP_POST_VARS['sid'])
             {
            
    session_id $HTTP_POST_VARS['sid'] );
            
    session_start();
            }
        else
            {
            
    session_start();
            } 
    where 'sid' was the posted variable

    hopefully this helps someone out....a noobie hard at work, is a dangerous experiment....lol...

    over and out,
    ~Jason

  • #6
    New Coder
    Join Date
    May 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    See I tried sending it by GET after serializing them, when the page first loads it sees the info just fine, hit another link or submit a form and it loses the session data... Weirdest thing I have ever seen, and I have no idea why it happens.
    cpCommerce - Finally a template based open-source e-commerce solution

  • #7
    New Coder
    Join Date
    Jun 2004
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok, while we are at this topic....and remember, I am brand new to this dynamic server side language stuff, and hell SSL too...

    what is invoved with getting a certificate, I know that we will need one....but what are the criteria of getting one?


    once again thanx in advance,
    ~Jason

  • #8
    New Coder
    Join Date
    May 2003
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by jm_0812

    thanx for your reply....but, I just got it to work....using the session_id

    so basically, understanding the fact that the session was not deleted but was just lost...I just needed to find a way to refind the lost session.

    SO what i did was passed the session_id as a post variable,

    recieved the post variable on the next SSL page, then used a if else statement that looks like this:
    PHP Code:
    if ($HTTP_POST_VARS['sid'])
             {
            
    session_id $HTTP_POST_VARS['sid'] );
            
    session_start();
            }
        else
            {
            
    session_start();
            } 
    where 'sid' was the posted variable

    hopefully this helps someone out....a noobie hard at work, is a dangerous experiment....lol...

    over and out,
    ~Jason
    I will have to try this on my setup later this week.
    cpCommerce - Finally a template based open-source e-commerce solution

  • #9
    New Coder
    Join Date
    Jun 2004
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    cool...seems to work fine for me....now onward I march....

    ~Jason

  • #10
    Regular Coder
    Join Date
    May 2004
    Location
    sweden
    Posts
    236
    Thanks
    0
    Thanked 0 Times in 0 Posts
    A SSL certificate can be gotten for about $200 per year.

    You could also cheat and build the entire application using the https:// address and have your entire cart behind this address. This way there is no hand off. But I would check with the hosting provider first.
    Carl McDade
    _____________
    Hiveminds Magazine
    for web publisher and community builders
    eRuby Tutorials

  • #11
    New Coder
    Join Date
    Jun 2004
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    saweet...thanx for the 411 man....ill check with the host....


    ~Jason


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •