Problem: hosts "http://www."; and "https://secure."; of the same domain need
to work with the same browser session_id.  This is a
login/authenticate/redirect scenario.  In this case the session data store
is a common MySQL database, so the issues of /tmp sharing, NFS, etc. are set
aside.  My platform is Apache 1.3.22 and RH Linux 7.1.

What PHP v4.1.x method of exchanging the session_id and session_name is most
secure, most effective, and generally makes good soup?

I've had some success with initial tests in appending
'?PHPSESSID=29AE490...' to the URL and link hrefs, but that really seems
ugly and unnecessary..... hopefully there's a better way!?

This question seems to get asked a lot in the archives but there doesn't
seem to be a "guideline" resolution.


PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to