In hindsight this is obvious, but now I'm in a pinch...
I use https://secure.domain.com/login.php to authenticate and store some data into a session data set stored in MySql (instead of /tmp). The client browser gets assigned/generates a PHP sessionid for that login on the secured server of (eg.) '1234567890A'. All session functions work fine in test on this host. This is default behavior for PHP and sessions.
My app logic is to redirect authenticated client logins to http://www.domain.com/welcome.php. ; However, when they arrive at that "other" location, their session ID is different (eg.) 'A0987644444' - I presume because the same physical server is doing its best to keep the sessions unique between the two virtual hosts. Because the session is different, none of my stored session data from the "other" host is available to the new session.
Surely it's really common to securely authenticate and then hand off the session to a non-secured host (and back again?).
What can I do?! Hopefully I can avoid reliance on cookies.
THANKS!
