Hi
I've been working on a store for a while now and hit a wall as I can't seem to identify a user (loose the session) after going to SSL mode. Let me explain:
The store uses sessions and IP to track users as they go through the store and place items in their cart. Once the customer hits "Go pay" in the cart, a login screen appears where you either login og signup. This page and others that follow are SSL as sensitive information is being passed over including payment info. The problem is this; as soon as I send the visitor to the https: (SSL) the session is lost and everything that was in the cart with it. How can I make the server recognise the user after he goes toSSL?
The server is FreeBSD 4.3-RELEASE, with server software: Apache/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6 and running the cgi flavor PHP Version 4.0.5.
Any ideas how to work around this?
Help apreciated.
Max
