On 13 June 2013 19:46, Jim Halfpenny <[email protected]> wrote:
> Without more info it's difficult to say. Cookie scope?

No, it's a session cookie being set at the root of each site and then being accessed at the root

> Session stickiness on backend app servers?

Not sure what you mean by that

> Does behaviour change depending on whether HTTP or HTTPS are hit first?

No

Robin

>
> Regards,
> Jim
>
> On Jun 13, 2013 7:08 PM, "Robin Wood" <[email protected]> wrote:
>>
>> I've got a client I'm doing some dev work for and they have a website
>> that spans HTTP and HTTPS and the site needs to pass a session cookie
>> between both. Ignore the fact that this isn't the best way to do
>> things, it is a legacy site and there isn't rewrite budget.
>>
>> The problem I've got is that occasionally the two sides don't appear
>> to be sharing the same session file on disk so values put in to the
>> session on the HTTP side are not appearing on the HTTPS side and vice
>> versa. It isn't consistent and I've not been able to pin down any
>> pattern when it does it.
>>
>> The hosting company is a black box who haven't been able to offer much
>> help. They say that there is no load balancer in place and that both
>> the sites are running on the same Apache instance with no special
>> config beyond the default.
>>
>> I've put a test script on both sides which displays the current
>> session id and tries to store and retrieve values, the session ids
>> match over the two sides so it isn't the browser doing something and
>> messing those up.
>>
>> Can anyone suggest anything that could cause this? If the two sides
>> were consistently unable to share things then I'd put it down to both
>> using different session files on disk. If it were that a session
>> created on HTTPS couldn't be seen by HTTP then it could be the secure
>> flag, but that isn't set.
>>
>> Robin
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
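The cookie-scope and secure-flag checks raised in the thread, as an added example that is not part of the original posts: it uses Python's standard `http.cookiejar` as a stand-in for the browser to show which cookie attributes stop a session cookie crossing between HTTP and HTTPS on one host. The host `shop.example`, the cookie name `SESSID` and the paths are constructed for illustration.

```python
import email.message
import http.cookiejar
import urllib.request


class _Response:
    """Minimal response object: CookieJar only needs info() returning headers."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_on_url, set_cookie, fetch_url):
    """Return the Cookie header a client would send to fetch_url after
    receiving set_cookie from set_on_url (None if nothing is sent)."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(_Response(set_cookie), urllib.request.Request(set_on_url))
    request = urllib.request.Request(fetch_url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


# Constructed sample URLs (not from the thread).
HTTP = "http://shop.example/basket"
HTTPS = "https://shop.example/secure/checkout"


def scenarios():
    """Each entry: cookie attributes and direction -> header actually sent."""
    return {
        # The setup described in the thread: root path, no secure flag.
        "root, no secure flag, https -> http":
            cookie_sent(HTTPS, "SESSID=abc123; Path=/", HTTP),
        "root, no secure flag, http -> https":
            cookie_sent(HTTP, "SESSID=abc123; Path=/", HTTPS),
        # Secure flag: set on HTTPS, never sent back over HTTP.
        "root, secure flag, https -> http":
            cookie_sent(HTTPS, "SESSID=abc123; Path=/; Secure", HTTP),
        # Narrow scope: a cookie limited to /secure/ is not sent to /basket.
        "path /secure/, https -> http":
            cookie_sent(HTTPS, "SESSID=abc123; Path=/secure/", HTTP),
    }


if __name__ == "__main__":
    for label, header in scenarios().items():
        print(f"{label}: {header}")
```

Each outcome is deterministic for a given attribute set, so these settings explain a consistent one-directional failure rather than an occasional one.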
