Passing session IDs to non-relative URLs

robind2

Hello,

Quick question... I'm losing my session id whenever i try linking to a non-relative URL (ie when i'm linking to my check-out page that needs to be [url]https://...[/url]).

Now, I read that when using URL based session data, the session ID is not passed to non-relative URLs due to security reasons... is there any way I can get around this? Or am I simply doing something wrong here?

I have use_trans_sid enabled in order to send transparent session id's throughout my page, so should I simply pass the session id in the URL string everywhere where I'm linking to a non-relative URL? And is there someway to do it transparently so it doesnt show up in the address bar?

Thanks so much,
Dan

phpmaven

I don't think there's any way around it. If you don't append your session id to the url when you call a page on https://www.whatever.com from http://www.whatever.com you are going to lose your session.

Why is it a problem if it shows in the address bar?

robind2

I actually came across a solution to the problem... you can call

ini_set("session.cookie_domain", ".mydomain.com")

before calling session_start() on every page so that the session id will be passed throughout mydomain (whether using relative links or not) but still wont be passed to any other domain.

phpmaven

Well, shut my mouth!

Thanx for the tip.