I'll check that. Robin On Jun 13, 2013 9:04 PM, "Danilo Nascimento" <[email protected]> wrote:
> Peharps session.referer_check is enable?* * > http://www.php.net/manual/en/session.configuration.php#ini.session.referer-check > > []'s Danilo Clemente > > > On Thu, Jun 13, 2013 at 5:00 PM, Robin Wood <[email protected]> wrote: > >> >> On Jun 13, 2013 8:51 PM, "Danilo Nascimento" <[email protected]> >> wrote: >> > >> > Do both sites use the same php.ini? >> >> Not sure, I'll check >> >> > The hostname is the same? >> Yes >> >> > >> > Is it a session cookie or a persistent cookie ( I think that a session >> cookie depending on browser are not shared between http and https) >> >> Session cookie. If it weren't shared then it would never work but it does >> some of the time. >> >> > You can use the chrome "Developer Tools" (F12 on chrome) -> resources >> -> Cookies to check this out. >> > >> > Take a look at this page: >> http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler >> > Maybe they aren't sharing the same handler. >> >> But why would this be occasional and not permanent? >> >> Robin >> >> > >> > >> > >> []'s Danilo Nascimento >> >> > >> > >> > On Thu, Jun 13, 2013 at 4:32 PM, Robin Wood <[email protected]> >> wrote: >> >> >> >> Hi >> >> It is mod_php running on apache/Linux and you are right, it is php >> that handles the sessions not Apache. >> >> >> >> Any ideas? >> >> >> >> Robin >> >> >> >> On Jun 13, 2013 8:03 PM, "Danilo Nascimento" <[email protected]> >> wrote: >> >>> >> >>> >> >>> >> >>> Hi Robin. >> >>> >> >>> It sounds like it is a platform dependent issue. >> >>> As far as i know the sessions storage are handle by >> AppServer/Plataform and not by apache itself (Apache only pass the session >> cookies to the plataform) >> >>> >> >>> What language/plataform are they using? (PHP, JavaEE, .Net, asp e >> etc?) >> >>> How does the apache respond to the requests ( A specific Handler, >> mod_proxy, a CGI/FastCGI e etc) ? >> >>> >> >>> >> >>> []'s Danilo Nascimento >> >>> >> >>> >> >>> On Thu, Jun 13, 2013 at 5:54 AM, Robin Wood <[email protected]> >> wrote: >> >>>> >> >>>> I've got a client I'm doing some dev work for and they have a website >> >>>> that spans HTTP and HTTPS and the site needs to pass a session cookie >> >>>> between both. Ignore the fact that this isn't the best way to do >> >>>> things, it is a legacy site and there isn't rewrite budget. >> >>>> >> >>>> The problem I've got is that occasionally the two sides don't appear >> >>>> to be sharing the same session file on disk so values put in to the >> >>>> session on the HTTP side are not appearing on the HTTPS side and vise >> >>>> versa. It isn't consistent and I've not been able to pin down any >> >>>> pattern when it does it. >> >>>> >> >>>> The hosting company is a black box who haven't been able to offer >> much >> >>>> help. They say that there is no load balancer in place and that both >> >>>> the sites are running on the same Apache instance with no special >> >>>> config beyond the default. >> >>>> >> >>>> I've put a test script on both sides which displays the current >> >>>> session id and tries to store and retrieve values, the session ids >> >>>> match over the two sides so it isn't the browser doing something and >> >>>> messing those up. >> >>>> >> >>>> Can anyone suggest anything that could cause this? If the two sides >> >>>> were consistently unable to share things then I'd put it down to both >> >>>> using different session files on disk. If it were that a session >> >>>> created on HTTPS couldn't be seen by HTTP then it could be the secure >> >>>> flag, but that isn't set. >> >>>> >> >>>> Robin >> >>>> _______________________________________________ >> >>>> Pauldotcom mailing list >> >>>> [email protected] >> >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >>>> Main Web Site: http://pauldotcom.com >> >>> >> >>> >> >>> >> > >> > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
