[PHP] Cookies https
I have a site that is using a shared ssl certificate. When running on the site, the host is of the form host.com. When running in ssl mode, the domain is of the form host.certhost.com. ping shows that both resolve to the same ip address.

Is there a way to create a cookie in the unsecured area and have it available when going through the ssl certificate?

tia
---Michael

--
Fight software piracy! Don't pirate MS Office - that's theft. Instead, use ours - it's legal and free
www.openoffice.org

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cookies https
Michael Satterwhite wrote:
> I have a site that is using a shared ssl certificate. When running on the site, the host is of the form host.com. When running in ssl mode, the domain is of the form host.certhost.com. ping shows that both resolve to the same ip address.
>
> Is there a way to create a cookie in the unsecured area and have it available when going through the ssl certificate?

Short answer: No
Long answer: N

Seriously though, for security reasons you cannot set cookies from one domain for another domain. You'll need to come up with another way to pass a secure token or just leave them on the secure site.

-Stut
Re: [PHP] Cookies https
On 5/22/06, Michael Satterwhite wrote:
> I have a site that is using a shared ssl certificate. When running on the site, the host is of the form host.com. When running in ssl mode, the domain is of the form host.certhost.com. ping shows that both resolve to the same ip address.
>
> Is there a way to create a cookie in the unsecured area and have it available when going through the ssl certificate?

Nope. They are different domains.

If they were on the same basic domain, you could (see http://wp.netscape.com/newsref/std/cookie_spec.html specifically the domain section) but completely different domains isn't an option.

PHP sessions would work though. Explicitly pass the session across and it should work (well, I think!).

--
Postgresql php tutorials
http://www.designmagick.com/
Re: [PHP] Cookies https
On 5/22/06, Michael Satterwhite wrote:
> I have a site that is using a shared ssl certificate. When running on the site, the host is of the form host.com. When running in ssl mode, the domain is of the form host.certhost.com. ping shows that both resolve to the same ip address.
>
> Is there a way to create a cookie in the unsecured area and have it available when going through the ssl certificate?
>
> tia
> ---Michael

If by cookie you mean your PHPSESSION cookie, this is sort-of possible. My work has a shared certificate for those who don't wish to purchase their own. This only works if http and https servers are on the same machine.

- on regular page (cart) make link to another regular page (checkout) that should become secure
- save session id to db, fetch last returned id.
- create ssl href with ?id=last returned id
- load session from the DB using the key
- delete session id from DB since it is now shared between domains
- call session_regenerate_id

...becomes...

http://www.example.com/cart.php
http://www.example.com/checkout.php
https://ssl.example.com/example/checkout.php

I'm not really sure how important the whole hide the session id thing is considering I regenerate the ID. But better safe than sorry I guess. :)
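
The handoff steps listed in the message above, as an added example that is not part of the original post or the poster's own code. It puts a random single-use token in the link instead of the database row id the post mentions; the table, column and function names are hypothetical, and PDO with the SQLite driver is assumed.

```php
<?php
// Added example; table, column and function names are hypothetical.
function handoff_schema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS session_handoff (
        token_hash TEXT PRIMARY KEY,
        session_id TEXT NOT NULL,
        expires_at INTEGER NOT NULL)');
}

// Regular (http) page: store the session id, get a token for the https link.
function issue_handoff(PDO $db, string $sessionId, int $ttl = 60): string {
    $token = bin2hex(random_bytes(32)); // random, unlike a sequential row id
    $stmt = $db->prepare('INSERT INTO session_handoff VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $sessionId, time() + $ttl]);
    return $token;
}

// Secure page: exchange the token from ?id= for the session id, once only.
function redeem_handoff(PDO $db, string $token): ?string {
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $sel = $db->prepare('SELECT session_id FROM session_handoff
                         WHERE token_hash = ? AND expires_at >= ?');
    $sel->execute([$hash, time()]);
    $sessionId = $sel->fetchColumn();
    // Delete the row even if it had expired; only the request that
    // actually removed it may use the session id.
    $del = $db->prepare('DELETE FROM session_handoff WHERE token_hash = ?');
    $del->execute([$hash]);
    $removed = $del->rowCount();
    $db->commit();
    return ($sessionId !== false && $removed === 1) ? $sessionId : null;
}

// Demo: in-memory SQLite and a constructed session id.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
handoff_schema($db);
$token = issue_handoff($db, 'constructed-session-id');
echo 'https://ssl.example.com/example/checkout.php?id=' . $token, "\n";
var_dump(redeem_handoff($db, $token)); // first redemption
var_dump(redeem_handoff($db, $token)); // replay of the same token
// On the real secure page, with $sid from redeem_handoff():
//   session_id($sid); session_start(); session_regenerate_id(true);
```

Only a hash of the token is stored, so a read of the handoff table does not yield a usable link, and the short expiry bounds how long a token copied from a log or Referer header stays valid.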
Re: [PHP] Cookies https
On Mon, May 22, 2006 6:49 am, Michael Satterwhite wrote:
> I have a site that is using a shared ssl certificate. When running on the site, the host is of the form host.com. When running in ssl mode, the domain is of the form host.certhost.com. ping shows that both resolve to the same ip address.
>
> Is there a way to create a cookie in the unsecured area and have it available when going through the ssl certificate?

No.

You'll have to transmit the Cookie through your web application interface in some fashion.

--
Like Music?
http://l-i-e.com/artists.htm