Passing Cookies from http to https

Rolman

Hello,

Please excuse any mistakes here. I am posting this on behalf of my programmer in the effort to trouble shoot a bug.

Basics:
- php/my sql solution
- we have our own server (Unix)

When someone is registering for a program through my site, they go through the options and narrow down to the item they want. Once they click to the summary screen, all of their selections are saved to the database. Those selections are assigned a unique id by the database. That ID is placed into a cookie “ShoppingCartID”.

From that point forward I reference their cart by the cookie id. So when they go into the “Create your profile” page, I’m aware of their cart id the whole time.

The bug arises when they complete creating their profile and they continue to the “https” part of the site to pay online. For some reason the cookie was disappearing at that point. This does not happen to all users all of the time. Maybe 5 in 100.

As I said, I did a bunch of research on why that could possibly happen. I talked with a lot of programmers who had the same problem – and despite the fact that the PHP documentation states that the cookies should remain across the move from http to https, there are instances where this fails to happen for some unknown reason.

The fact that it was such a “mystical” occurrence which was not consistently occurring, combined with the fact that the my old server was screwed up in many ways led me to believe that it was actually the server failing to retrieve the cookie value when loading pages on https.

Now that I know this is not the case, I have two more solutions that I am trying. I just implemented the first one. The only thing to do now is wait to see if people keep getting the error – because I have still been unable to duplicate the bug.

If this solution doesn’t work, my final solution is to pass the shopping cart id in the querystring when the user moves from http to https. This is an absolute failsafe – but not something I want to do because it gives the user an opportunity to screw around with the shopping cart id (And possibly hijack other people’s carts if they were so inclined).

Does anyone have any ideas with respect to this?

tsinka

Hi,

how does the code look like that sets the cookie.

Are the two scripts in different subdirectories ? Specify the path the cookie is valid for in the setcookie function call to / in that case.

Thomas