Current location: Hot Scripts Forums » Programming Languages » PHP » When moving to ssl, sessions are gone...


When moving to ssl, sessions are gone...

Reply
Page 2 of 2 1 2
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old 07-15-08, 11:38 PM
mab's Avatar
mab mab is offline
Community VIP
  
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,674
Thanks: 0
Thanked 0 Times in 0 Posts
If you are regenerating the session id and it gets regenerated immediately on the https/ssl connected page, the new one will be exchanged over the encrypted connection and any previous session id won't be valid.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Reply With Quote
  #12 (permalink)  
Old 07-16-08, 05:51 PM
wirehopper's Avatar
wirehopper wirehopper is offline
-
  
Join Date: Feb 2006
Posts: 2,515
Thanks: 20
Thanked 109 Times in 106 Posts
You may want to force session initiation through HTTPS - that would ensure the session is not lost as the user transitions into SSL.
Reply With Quote
  #13 (permalink)  
Old 07-16-08, 07:06 PM
phpdoctor's Avatar
phpdoctor phpdoctor is offline
Code Guru
  
Join Date: Feb 2007
Location: New Zealand
Posts: 767
Thanks: 4
Thanked 2 Times in 2 Posts
Ye i was going to use the regenerating thing but had problems...
I can get the session back when on the ssl area back that requires sending the session id which i dont want.

Any good way of sending the session id and keeping it secure?

Thanks,
Lex
__________________
01010000 01001000 01010000
Reply With Quote
  #14 (permalink)  
Old 07-16-08, 07:27 PM
mab's Avatar
mab mab is offline
Community VIP
  
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,674
Thanks: 0
Thanked 0 Times in 0 Posts
When a page is requested by a browser, the only information you get is what the browser sends. This includes the URL, any parameters on the end of the URL, and any headers sent with the request, such as cookies or post data. The only why to get the session id that corresponds to that visitor is if the browser sends it to you.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Reply With Quote
  #15 (permalink)  
Old 07-16-08, 11:00 PM
phpdoctor's Avatar
phpdoctor phpdoctor is offline
Code Guru
  
Join Date: Feb 2007
Location: New Zealand
Posts: 767
Thanks: 4
Thanked 2 Times in 2 Posts
Ye i know that
I just want a way send that visitors information to the ssl bit without others stealing it...

Lex
__________________
01010000 01001000 01010000
Reply With Quote
  #16 (permalink)  
Old 07-16-08, 11:19 PM
mab's Avatar
mab mab is offline
Community VIP
  
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,674
Thanks: 0
Thanked 0 Times in 0 Posts
Then only use https/ssl for sending the session id back and forth between the browser and the server.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Reply With Quote
Reply
Page 2 of 2 1 2

Bookmarks

« delete duplicate rows in mysql using php | Client Side Image Resize »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Web Proxy Script (basictly a website proxy site) with SSL support soccerdude21490 Script Requests 0 04-25-06 03:01 PM


All times are GMT -5. The time now is 07:50 AM.
vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.