Reputation: 738
Passing session variables between HTTP and HTTPS
Certain hosting providers (like HostGator) provide shared SSL certificates for accounts. What this means is that my HTTPS link is a different domain from my HTTP.
ie: the urls are something like http://www.mydomain.com and https://secure123.hostgator.com/~bill/
I'm trying to log the user in on the secure domain, set session variables and then redirect to the home page. However, when doing this, the session variables are lost.
Insecure Index.php:
<?php session_start();
echo $_SESSION['name'];
?>
<html><body>
<p><a href="https://secure123.hostgator.com/~bill/login.php">Login</a></p>
</body></html>
Secure Login.php:
<?php session_start();
$_SESSION['name'] = "Bill";
header("location: http://www.mydomain.com/index.php")
?>
How can I ensure the session variables are able to be read by all files on both http and https?
Upvotes: 2
Views: 2818
Answers (1)
Reputation: 15464
You can provide your session id via GET.
header("location: http://www.mydomain.com/index.php?PHPSESSID=".session_id());
On another side you can turnon session.use_trans_sid
Or set session id with function session_id()
Manual: Passing the Session ID
Upvotes: 2
Related Questions
- Session lost when switching from HTTP to HTTPS in PHP
- PHP Session Variable Passing
- Understand & fix php session lost between https and http
- PHP session HTTP to HTTPS problem
- How to keep PHP session intact when another server is making the request?
- php access session data between HTTPS and HTTP
- PHP SESSION variables between https and http
- PHP - Maintaining session when redirecting from HTTP to HTTPS?
- Advice on Session var and Shared SSL
- https form validation not passing SESSION VARIABLES - PHP