Sessions In https

lwauters

I am trying to set some sessions variables in an https (SSL):
session_start();
...
$row = $results[0];
session_register("myses");
if(session_is_registered("myses")){
$myses=array("id"=>$row["user_id"],"username"=>$row["username"],"password"=>$row["password"]);
$myses=serialize($myses);
}

the to go to another php script in where I want to call my vars i use:
<a href='".SECURE."delivery.php?sid=".$PHPSESSID."'>Please continue</a>

in the delivery.php I want to call the session vars:
session_start();
...
$myses=unserialize($myses);
echo "Session ID:.... " .$PHPSESSID .NL;
echo "ID..." .$myses["id"] . NL;
echo "username..." .$myses["username"] . NL;

I receive blanks ... although the session is set in the /temp directory. It has a value in it but I don't have permission to read the value of my sess.

By the way... I use php4.06

Any recommendations are welcome!

THX

Luc

emcb_php

Hi,

I dont see why that wouldnt work, but a recommendation. If the PHPSESSID variable has already been used or cached it could contain an old session id, so instead use session_id.

And i dont know what the NL is about?

Elfyn

lwauters

Elfyn,

NL is a defined var: define("NL","<br>\n");

im my delivery.php
if(isset($sid) and $sid!=""){
session_id($sid);
session_start();
}

lwauters

In my deliver script when I insert
print_r($HTTP_SESSION_VARS);
Only the old session vars show up.

In the unsecure http I already registered a session var called $newses. when
I go to the secure part I use the same sessionid -> session_id($sid);
where $sid was part of the url
<a href="https://domain.com/gotosecure.php?sid=$PHPSESID">Go to secure
part</a>

Once I am in the secure part (Login) I want to register a new sessvar.
session_register("myses");
if(session_is_registered("myses")){
$myses=array("id"=>$row["user_id"],"username"=>$row["username"],"password"=>
$row["password"]);
}

and it is this one that I cant get!