ssl and session issue

dizyn · 11-22-2006, 07:35 PM

my session is working fine with http, i am able to save data in session var and get it with http, but i want to access these session variables with https as, when i try to do i not able access them with https, please help me in this issue,

thanks in advance.

GeXus · 11-22-2006, 07:44 PM

Sessions won't pass between the two virtual hosts.. before going to https, store an id in the database and pass it to https via browser..

CFMaBiSmAd · 11-22-2006, 08:16 PM

You might also be able to pass the session ID as part of the url - http://www.phpbuilder.com/board/show...php?t=10305775

dizyn · 11-23-2006, 06:13 AM

isn't there any other way to solved this issue, one more thing to tell you is i am not using self assigned certificates, I am using 3rd party certificates.

CFMaBiSmAd · 11-23-2006, 07:38 AM

There is apparently a standard/requirement - RFC2109 - that says that http and https sessions are separate and that a browser cannot pass information between them. See this interesting link - http://www.ciac.org/ciac/bulletins/l-010.shtml

Researching further, I believe that browsers keep a separate cache of cookies for each protocol. I found a browser inspector that had separate deleted functions for http and https cookies. I also searched for several combinations of "http https session cookie" and all of the solutions involve passing the session id as part of the URL. There were even hits for oscommerce where if they were deliberately not using cookies for sessions, this worked (the session id was already automatically being passed as part of the URL) and did not work when using cookies to pass the session id.

This is more than I ever wanted to know about https and sessions but it is pretty definitive about what will and won't work.