PHP Sessions HTTP to HTTPS

duckduckgoose

I'm very confused.

My script sets session variables in a normal http environment. On one computer, I click a button which takes me to https and everything works fine. On another computer, I click the same button, and all of my session data is lost. The browser versions are the same, and they both have the same settings. Why would this happen? I've cleared my cache on both machines, but this is still the case. :eek: How do I maintain session data from http to https, without having to write everything to a database?

MarkR

You are probably using cookies to maintain session state.

This is fine, but you must be consistent in what host name you use for your server.

Your server must respond to one, and EXACTLY ONE host name. This must be the same host name for HTTP as for HTTPS.

So if you were to visit http://example.com/ then got directed to https://www.example.com/ , you would not have the same cookies.

I am of course assuming that your session handler is set up the same between the HTTP and HTTPS sites - but that is a problem for your PHP / web server setup.

If you have multiple other domains, or want people to be able to use http://example.com/ , get all those domains to do a redirect rather than serving any content from them.

You MUST redirect any other domains rather than serving the site from multiple domains.

This is also of benefit to search engines.

Mark