http and https variables

msound

I have a pretty basic login page that queries a mysql database table for a username and password. If a record is found then it pulls other information from the database table and sets that info to php SESSIONS. Those sessions are used to give the user a personalized experience on the web site.

That part is easy, but now I want my index.php and login.php pages to be served up with SSL. Then once the user has authenticated I'll transfer them to a standard http web site.

My problem is whenever I set a SESSION value on an https web page, I can't access that value on the regular unencrypted web site. So how do web sites authenticate users via an https web page, while serving up the dynamic content on the rest of the site as [url]http://?[/url]

devinemke

are the HTTP and HTTPS sections of your site on the same physical server? if so then the session is still there you just have to propagate the session via the URL:

$url = 'https://www.example.com/index.php?' . session_name () . '=' . session_id ();

if they are not on the same physical machine then i suggest you [man]serialize[/man] the $_SESSION array, stuff it in a temp db table and then pull it back out and [man]unserialize[/man] on the other side.

MarkR

If they are in the same domain, you can set the session cookie's domain to that domain (this still requires them to be on the same server, as suggested above).

If they are in different domains, you are totally stuffed, as cookies cannot be transferred from one domain to another.

Buy a proper SSL certificate in the latter case 🙂

Mark