I also have been having troubles passing session from http to https server since session.trans_id in PHP.INI is turned off by default in newer versions of PHP4.
So these are the solutions I came up with so far:
1) You use your own PHP.INI in your folder where you run your PHP scripts. You set session.trans_id enabled so you can pass same session via GET/POST method.
2) You write php_flag session.trans_id on in your .htaccess file to enable it.
3) Forget about text-based session and use your own session management (for example, store session in database) and when you start session (session_start()), check $REQUEST and see if there is a global variable named same as session_name() and if there is one, then set session_id() to what $REQUEST contains, and then start the session.
To use 3, you have to write a class or some sort to overwrite default session_set_save_handler() so you can use your own class to manage the session in the database. or you can download PHPLib from SourceForge. It provides a lot of useful classes including this one.
Even PHP Manual says that using 1 or 2 is not a good idea; that's why they turned session.trans_id off by default and ask people to start using cookie-based session management instead. 3 eats a lot of query calls since you are using the database and if you have a limit on calling select query on your server, then you may have a trouble doing this (depends on how much access you have on your site though). So what is the best way of managing the session then??
Do any other people have better ideas or suggestions?
