Thanks again for the suggestions.
At this point, what I'm wanting to do is stay away from keeping session vars in the URL.
I know this is pretty convoluted, but due to the nature of setting the session vars while on HTTPS (after doing authentication) and then going back to HTTP and needing access to those set session vars, I'm doing this:
https: //somesite.com/signin.html [user enters credentials. has action to dosigning.html]
https: //somesite.com/dosignin.html [with successful authentication, set's session vars and does header() redirect to midpoint.html?a=$session_id]
http: //somesite.com/midpoint.html (note: not on https anymore).
midpoint.html code:
if ($_GET['a']) {
$temp_sid = $_GET['a'];
if (strlen($temp_sid) != 32 && preg_match('/^[a-z0-9]+$/', $temp_sid)) {
//**** ERROR ****//
} else {
$temp_file="/path/to/session_vars/sess_".$temp_sid;
$contents_temp_file = file_get_contents($temp_file);
$session_vars = explode(";", $contents_temp_file);
$count = (count($session_vars) - 1);
for ($i=0;$i<$count;$i++) {
$piece1 = explode (":",$session_vars[$i],2);
$piece2 = explode (":",$piece1[1]);
$piece3[] = explode ("\"",$piece2[1]);
echo "piece3: ".$piece3[1]."<br>";
}
}
} else {
//**** ERROR ****//
}
//session_start();
//session_regenerate_id();
//$_SESSION["Var1"] = $piece3[0];
//$_SESSION["Var2"] = $piece3[1];
//etc
header (redirect to final page on http that it and all other http pages will now have access to newly set session vars);
Clearly, this is not ideal, but given this situation...how could the part about parsing the data out of the initial session file be done more efficiently?
$temp_file="/path/to/session_vars/sess_".$temp_sid;
$contents_temp_file = file_get_contents($temp_file);
$session_vars = explode(";", $contents_temp_file);
$count = (count($session_vars) - 1); //**** Need to subtract one ****//
for ($i=0;$i<$count;$i++) {
$piece1 = explode (":",$session_vars[$i],2);
$piece2 = explode (":",$piece1[1]);
$piece3[] = explode ("\"",$piece2[1]);
//**** $piece3 is the final data in an array to be used for setting the new session vars.\
}