[PHP] Re: sessions and https

[Richard Lynch]

Do sessions not work when using an https connection?  It seems I'm losing my
data between pages.

You will need to pass the Session ID from page to page any time the user
crosses the HTTP/HTTPS boundary.

Actually, once you pass it, it will stick around on both, but you may want
to be sure and synchronize by passing it on every boundary point.

But Cookies sent to the HTTPS are not on the HTTP and vice versa.

That ain't PHP, that's just how cookies work.

-- 
Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo
audio-to-disk.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: sessions and https

[Chris Shiflett]

Richard Lynch wrote:

But Cookies sent to the HTTPS are not on the HTTP and vice versa.

That ain't PHP, that's just how cookies work.


Are you sure about this? That's definitely not how the specification 
reads (assuming I'm interpreting what you're trying to say correctly), 
and that is not what my experience has shown either.

A secure cookie will only be transmitted when the request is being sent 
over a secure connection, but an ordinary cookie does not carry this 
restriction and would thus not care whether the connection was secure. 
As someone else suggested, if the domain name is changing, then that is 
the access restriction that is keeping the cookie from being sent, not 
whether the connection is secure.

Happy hacking.

Chris



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php