SSL page divert

steveDD

Hi I am having issues with my SSL.

I have put my admin area in SSL folder and it all works fine with the padlock.

I am trying to now sort my website and think I should only put in the login, registration forms and things like that.

However obviously when I click login and it diverts to the requested page i.e.

login at https://mysite.ssl.com/login.php it should then confirm and divert to a unsecured part http://www.mysite.com/mainsite.php.

I have the following bit of code at the top of each of my pages.

<?php
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
    header( 'Location: login.php' ) ;
}

?>

obviously becuase it has to go to a my unsecured FTP it is losing the userid on transfer. Can anyone advise how I can do this?

Also I have some flash files that keep prompting the message unsecure and secure items on page display unsecured items, yes or no (only on Microsoft Explorer) Firefox is fine. Can anyone also advise what do I do with flash?

Kudose

I am pretty sure sessions are not transferable between SSL and non-SSL.

You could try supplying the session ID and starting your SSL session off of the non-SSL ID, but that probably won't work either.

The only option I can think of is to store the session data in a file and load it back in when the user goes secure.

Also, if you send any data over SSL that is not secure, SSL will puke at you. You have to send all data over SSL, including the flash elements. That means all images, flash, CSS, JS and everything else needs to be included via https