Reputation: 568
Understand & fix php session lost between https and http
I have developed a mvc site from scratch and locally it works, but what a surprise ! Trying the site uploaded to my hosting it doesn't work.
The login sequence is the following: Every page checks if you are loged (http) and redirect to login page (https) if you don't. Always you will be redirected to login page.
After some research, I have discovered the reason: php session is lost between https and http.
I don't understand why works locally and remotely not, but I think due php local settings set php sesssion identifier as PHPESSID for http & https and remote settings not.
Thinking about the trouble, I understand I can fix the issue passing the session identifier from https to http or making the whole site https rewriting the urls as follow:
intranet.mysite.com/anypage/
Hosting shared ssl https://server.subdomain/~user/public_html/intranet/anypage/
Additional information
the page is hosted under hostgator. The url paths are
site intranet.mydomain.com
ssl shared access https://gatorxxx.hostgator.com/~user/intranet
how I can make session works between urls ?
thanks.
Upvotes: 1
Views: 762
Answers (1)
Reputation: 510
If I understand correctly you host the SSL page on a different domain? The PHP session cookie is lost then, because the cookie is bound by subdomain (or domain, whichever the cookiedomain is set to).
Upvotes: 3
Related Questions
- Session lost when switching from HTTP to HTTPS in PHP
- Passing session variables between HTTP and HTTPS
- Losing session after page load after move to SSL
- PHP session HTTP to HTTPS problem
- php session sometimes not avaliable after passing to another domain
- SSL and Session Hijacking/Fixation
- php access session data between HTTPS and HTTP
- php sessions empty using ssl?
- PHP Sessions getting wiped between between SSL/non-SSL pages, even in separate tabs
- PHP SESSION variables between https and http