#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2002
    Location
    Netherlands
    Posts
    458
    Rep Power
    17

    Why do sessions dissappear when entering a ssl webpage


    Hi,
    I've read about this in this forum, and am experiencing it myself: When sessions are created in a http section of a website, and than the user enters a https section (ssl), sessions don't work anymore. Furthermore the sessions are distroyed, so when leaving the https (ssl) section, the sessions variables cannot be retreived anymore.

    So my question is really:
    1) Why do sessions get distroyed when entering a https. I just don't get the logic of it.
    2) Will sessions remain, if I don't use any sessions in a https webpage, so when I return to a regular http page, I can use the sessions again.

    Kind regards
    Patrick
  2. #2
  3. No Profile Picture
    Web.Dev.
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2001
    Location
    Nottingham, UK
    Posts
    68
    Rep Power
    18
    Hiya cuboctahedron,

    As far as I know, sessions created while using an unsecure connection cannot be counted as secure when the user enters a secure area. The session should not be destroyed, rather ignored, while in the secure SSL area.


    - Brent
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    108
    Rep Power
    16
    And as far as I am concerned YOU have already made this post two days ago.
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    29
    Rep Power
    0
    The only way I know is transporting the sessionid trough a get/post variable and after having switched to ssl, setting the sessionid manually via session_id($_GET['mysessionid']) before the session is being started.

IMN logo majestic logo threadwatch logo seochat tools logo