Hello everyone!
What would cause a session value to be lost, under HTTPS?
I have an application that works fine with HTTP, but does not recognize
(or see) the session values, under the secure server.What would cause
that?
I've trying setting the cookie path, domain name, and even enable
SESSION.COOKIE_SECURE, but to no avail.
Any suggestions? Am I missing anything?
The code is a simple login script with the following two pages:
==Login.php ===
$user = $_POST['user'];
$pass = $_POST['pass'];
$_res =mysql_query(...select from users where user=$user and
pass=$pass...);
//if match is found then set session vars
if(mysql_num_rows($_res)>=1){
$_userinfo = mysql_fetch_object($_res);
$_SESSION['user_id'] = $_userinfo->id;
$_SESSION['username'] = $_userinfo->username;
...
header('Location: mainpage.php');
return true;
}else{
//invalid user
//display error message...
...
//kill session
$_SESSION = array();
session_destroy();
. . .
}
=======end of login.php ===
==mainpage.php ===
//this is the user protected page
session_start();
//dump session content to screen
echo '<pre>';
print_r($_SESSION); //this prints an empty array. why?
===end of mainpage.php ===
Again, this works under HTTP , but not with a secure connection (HTTPS).
NOTE: The regular server name is 'mydomain.net', but the secure server
name is 'secure-servename.net'. Would this affect the session function,
even though it's the same machine?
What is happening to my session vars? Please advise.
=P e p i e D e s i g n s
www.pepiedesigns.com
Providing Solutions That Increase Productivity
Web Developement. Database. Hosting. Multimedia.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
