SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Zealot shoorace's Avatar
    Join Date
    Jun 2005
    Location
    Florida
    Posts
    142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cross domain session variable problem

    I am using payment pro for of PayPal in my site, in which I have used PayPal API. Basically I implement PayPal payment by uploading all pages of my site to https domain, becouse payment works in https domain only.

    But I need is I need to implement by PayPal payment from http domain only, ie uploading my site to http domain. But in this scenario, session variable is used to store instantaneous shopping cart info, which is not possible to send to https domain.
    So, please anybody any solution for this.

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    cookies arent shared across http and https. cookies hold the session id by default.

    you need to manually pass the session id when crossing from http to https. however, you should only need to do this once. once the user has visited both an http page and https page which have calls to session_start() in them, they should have a cookie for both and you will no longer need to send the sid manually. you could set a flag in a session variable once you know they have a cookie for both http and https.

    it can be dangerous to pass the session id in the url. read up on session hijacking to find out why.
    if possible, add it as a hidden field in a form which submits via POST.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •