[Resolved] Sessions get blocked when I enter the secure sever area?

airric

Seesions get blocked when I enter the secure sever area?

It seems that my sesssions are not carried in the secure https!

basically my code states:

if userid is = session userid

then grab cart info from the database where the session userid and cart userid are equal

This works fine until I try to finish the sale and pass the info in the secure sever area to the payment processor or when I try let them view their account info in the secure area

What am I doing wrong?

jabba_29

Are you going from your site, http://yoursite.com to https://yoursite.com?
If so, you can't carry sessions from normal to secure. You may need to probably pass the session in URL for the first entry page of your secure site.

treeleaf20

What about if your going from a secure server to a non-secure server?

devinemke

just to expand on jabba_29's point: sessions are simply plain text files that reside on the server. if you are going from one physical server to another then your session won't exist on the second server. if your HTTP content is on the same physical machine as your HTTPS content then you must manually propagate the session id via the URL as PHP will not do it for you.

from the manual:
http://www.php.net/manual/en/ref.session.php

Note: Non-relative URLs are assumed to point to external sites and hence don't append the SID, as it would be a security risk to leak the SID to a different server.

http://yoursite.com and https://yoursite.com are 2 different domains and as such the session id is not propagated.

one way around the problem of having 2 separate physical servers is the stuff the session array into a temp database table (to which both servers have access) and pull it out on the other side.

airric

That's what I needed to understand. I think I'll just treat my HTTPS as the logged in server and the http as the area for visitors that haven't logged in yet. You think that work well. Basically when you logged is when you have a account info and history pages anyway, Thank Guys I really apriciate the input.