Hi,

I believe that if both servers run the same hostname (www.foo.com) (cookie domain) and 
both session files are stored in the same place (/tmp), then the session is unique for 
80 and 443 ports.

You could simply test this by adding a $_SESSION['foo']='port80'; on the HTTP server 
instance and trying to print($_SESSION['foo']) when the user enters the HTTPS (443) 
pages.

However, I believe this could be a security issue if both secure and non secure sites 
use the same cookie.

Keep us informed.

Vincent


-----Original Message-----
From: Dmitry Ruban [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 2 June 2004 15:02
To: [EMAIL PROTECTED]
Subject: [PHP] sessions handling


Hi folks,

We have two instances of apache/mod_php running on ports 80 and 443
respectively. For both mod_php we have the same dir (/tmp) to store session
information. Is it possible to mix session data up if a user switches between
ports 80 and 443? I mean, what if a user surfs over port 80 and already has
a session ID in this mod_php context (PHPSESSID is stored in a cookie), then
he jumps to the 443 instance; would that mod_php correctly find the proper session
file? Is it possible that PHPSESSID in the 443 context hasn't been initialized
and mod_php won't get the proper file?

Regards,
Dima Ruban

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
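
An added example, not code from either message: a session bootstrap that reproduces the `$_SESSION['foo']` test described in the reply and, with one switch, separates the HTTP and HTTPS sessions. The file name, the `$splitSessions` switch and the `SECURESESSID` cookie name are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// session_bootstrap.php (hypothetical name): included first on every page
// served by both Apache instances (port 80 and port 443) of www.foo.com.

// false: both ports share one PHPSESSID cookie, as in the thread.
// true:  the HTTPS instance gets its own Secure cookie and its own session.
$splitSessions = true;

// Assumption: mod_php sets $_SERVER['HTTPS'] only on the TLS instance.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// Shared save path from the thread: an ID presented on either port
// resolves to the same file, /tmp/sess_<id>.
session_save_path('/tmp');

// Cookies are scoped by host and path, not by port, so a cookie set on
// port 80 is also sent to port 443 unless the names or flags differ.
$useSecureCookie = $splitSessions && $isHttps;
session_name($useSecureCookie ? 'SECURESESSID' : 'PHPSESSID');
session_set_cookie_params([
    'path'     => '/',
    'secure'   => $useSecureCookie, // Secure cookies never travel over plain HTTP
    'httponly' => true,             // not readable from page scripts
]);
session_start();

// The test from the reply: write the marker on port 80, read it on port 443.
if (!$isHttps) {
    $_SESSION['foo'] = 'port80';
}

header('Content-Type: text/plain');
printf(
    "port=%s cookie=%s id=%s foo=%s\n",
    $_SERVER['SERVER_PORT'],
    session_name(),
    session_id(),
    $_SESSION['foo'] ?? '(not set)'
);
```

With `$splitSessions = false`, a browser that first loads the page on port 80 and then on port 443 sees the same session ID and `foo=port80` on both, and that ID has crossed the network unencrypted. With `true`, the HTTPS page starts a separate session whose cookie is never sent over port 80, so `foo` is not set there.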
