SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    My ssl is killing my session variables.

    Hi all,

    I have a page with session variables on. When this form page submits to a page by ssl these seem to disappear - is there anything I can do to keep them ? Sessions are started on every page but no good !

    Any help appreciated !

    Yours,

    Rich

  2. #2
    SitePoint Guru
    Join Date
    Feb 2002
    Posts
    625
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm..this is very weird. I'm working on a project where everything runs on SSL, and no problems sofar.

    This may be a stupid question, but are your sessions preserved in general? Or does it just happen if you connect to an ssl secured page?

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes. The first and second page both have session start at the top. Page 1 has about 5 session variables and when I go to page 2 via ssl, they all disappear ! This is using a shared ssl provided by my host, but that should't make a difference should it ?

    Rich

  4. #4
    No. Phil.Roberts's Avatar
    Join Date
    May 2001
    Location
    Nottingham, UK
    Posts
    1,142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It will make a difference as the session cookie will be bound to your domain.

    One workaround is to use a session handler to store the data in a database, and pass the session ID via the URL.

  5. #5
    SitePoint Enthusiast
    Join Date
    Nov 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for this Phil. I guess it would be fine if I did not have this shared ssl that takes me via another domain.

    Rich

    Quote Originally Posted by Phil.Roberts
    It will make a difference as the session cookie will be bound to your domain.

    One workaround is to use a session handler to store the data in a database, and pass the session ID via the URL.

  6. #6
    Non-Member coo_t2's Avatar
    Join Date
    Feb 2003
    Location
    Dog Street
    Posts
    1,819
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    I recently had the same problem using a shared ssl certificate.

    When the secure page was loaded it created a new session because the domain for the secure server was different(I guess?).

    It took me a while to figure out that it was actually creating a new session.

    What I did was pass the session id in the url and then give the newly
    created session(useless session) the id of the old(good) session.
    So the new session basically becomes a part of the old one.

    Don't know if this is a good solution but I think it's been working pretty good so far.

    PHP Code:
    <?php

    $sessionDir 
    session_save_path().'/';

    $sessFileFromQueryStr $sessionDir.'sess_'.$_GET['_sid'];

    if ( 
    file_exists($sessFileFromQueryStr) )
    {   
    session_id($_GET['_sid']);
    }
    else
    {   
    // problem with session id, do error stuff.. 
    }

    ?>
    --ed

  7. #7
    SitePoint Enthusiast jessegavin's Avatar
    Join Date
    May 2003
    Location
    Minneapolis, MN USA
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For what it's worth, in ASP when you switch between normal and SSL the Secure server will issue a new Session ID. I had to pass my SessionID via the querystring


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •