jtonsfeldt;10933424 wrote:I have developed a PHP based shopping cart for a small store. I have been having trouble passing session variables from HTTP to secure HTTP. So I have two questions:
1 Are there any disadvantages to running the entire site on HTTPS?
From what I've read, it's not always cut and dried that it hurts overall performance: there are a lot of variables that go into the equation. For example, see A Performance Analysis of Secure HTTP Protocol. Ultimately you can only answer this question for sure by thorough performance testing.
2 Is there a method for sending session information to the secure server?
I've usually seen this issue with "shared" SSL certificates, due to the shared certificate actually existing on a different domain than the web site. Sending the session ID via post/get as mentioned above is probably the best solution I can think of if you (i.e. the client) are not willing to purchase your own site-specific SSL certificate.
