Sessions over HTTPS

bennetts

We are currently developing a site for which we do not currently have the domain on the server.

Sessions are working fine over HTTP on the temporary domain but when we try to cross over to HTTPS we lose the Session.

The secure certificate is set up in the "real" domain name.

Does anyone know if this would effect Sessions, our theory being that as the domain name and SSL certificate name don't match the Session is not carried for security reasons?

We also notice that in our phpinfo() under HTTP session.auto_start is on yet under HTTPS it is off?

Our session.save_path is also different under HTTPS though it is set correctly in our php.ini

Regards
Sean

Wynder

Not sure, but I'd say set them the same. The save path is where you're actually saving the files. If someone connects via HTTP and their sessions is saved in c:\tmp, when they switch over to HTTPS it's going to look in HTTPS path and the sessions won't be there.

bennetts

Thanks to those that have looked at this but it seems our problem is that our host hadn't compiled PHP correctly on our server and they had set the wrong permissions on the tmp directories just to complicate the issue.

drawmack

it's always nice when it's someone elses fault, then I don't have to do a fight-club thing with myself.