
session variables between http and https


kaliok


Hi

 

I hope someone can help. I guess I am not putting the right search criteria in to find this topic if this type of question has been answered before. Hopefully someone can suggest what the best practice is to fix this. Thanks for any help in advance.

 

I am using an SSL certificate on the server. I have some session variables I want to pass between http and https: Username, Email, Level, etc.

 

It is my understanding that session variables are deliberately set up so they won't pass to each other like this.

 

The following is the code I use. When a user is logged in it is fine when I move between http pages, but when I try to move to the https page(s) it loses the session variables. I use the function below on every page.

 

If I log in using https and then try to move to the http pages it does the opposite and loses the session variable data when I move to the non-secure pages.

 

An example of the urls I am using is:

 

http://www.mywebsite.com

 

and

 

https://secure.mywebsite.com

 


session_start();

function auth_frontend($role = '')
{
  global $custname;

  $_SESSION['name'] = "BOB";
  $ok = true;

  // The session must carry a hash of the user agent that matches this request
  if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])))
  {
    $ok = false;
  }

  if ($ok)
  {
    if (isset($_SESSION['user_id']))
    {
      $custname = $_SESSION['user_id'];
      if ($custname == "")
      {
        // Empty user id: clear the session and treat the visitor as a guest
        $_SESSION = array();
        $custname = "Guest";
        return $custname;
      }
      // the session is valid
      else
      {
        return $custname;
      }
    }
    else
    {
      $custname = "Guest";
      return $custname;
    }
  }
  else
  {
    $custname = "Guest";
    return $custname;
  }
  exit();
}

Passing that data kind of defeats the purpose... but if you must, there are a few ways. You could create a custom session handler, and simply create a cookie on the HTTP and HTTPS level. You could also create the session cookie manually on the HTTPS side using the session's session_name.

Thanks for your help. I am not quite sure I want to do this.

 

How is this done normally?

 

When someone logs in to their favorite website and their username stays at the top of the site when they move between http and https, what system is generally being used?

 

If I don't want to use cookies, do I therefore have to use post variables instead of session variables?

 

If so what would I change the following code to:

 

if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) )

 

Thanks for your help again.
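
Why the session disappears between the two hosts in the question, as an added example that is not part of any post in this thread: PHP's session cookie is host-only by default, so a cookie set on www.mywebsite.com is never sent to secure.mywebsite.com. The function `cookie_is_sent()` and the three sample cookie configurations are constructed for illustration and model only the Domain and Secure attributes.

```php
<?php
// Added example (not from the thread): simplified model of when a browser
// sends a cookie. Only the Domain and Secure attributes are modelled;
// path, expiry and SameSite are ignored. Host names are from the question.

// $cookie keys: 'host' (host that set it), 'domain' (Domain attribute,
// '' means host-only, which is PHP's default), 'secure' (Secure attribute).
function cookie_is_sent(array $cookie, string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = strtolower((string) parse_url($url, PHP_URL_HOST));

    if ($cookie['secure'] && $scheme !== 'https') {
        return false; // a Secure cookie never travels over plain HTTP
    }
    if ($cookie['domain'] === '') {
        return $host === $cookie['host']; // host-only: exact host match
    }
    $suffix = '.' . ltrim(strtolower($cookie['domain']), '.');
    return $host === substr($suffix, 1) || substr($host, -strlen($suffix)) === $suffix;
}

$urls = ['http://www.mywebsite.com/', 'https://secure.mywebsite.com/'];
$configs = [
    // Session started on www with default settings: the other host never sees it.
    'default (host-only)' => ['host' => 'www.mywebsite.com', 'domain' => '', 'secure' => false],
    // Shared by both hosts, but the session ID also crosses the network in cleartext.
    'Domain=mywebsite.com' => ['host' => 'www.mywebsite.com', 'domain' => 'mywebsite.com', 'secure' => false],
    // Shared by HTTPS hosts only: the HTTP pages cannot read the login state.
    'Domain=mywebsite.com; Secure' => ['host' => 'secure.mywebsite.com', 'domain' => 'mywebsite.com', 'secure' => true],
];

foreach ($configs as $label => $cookie) {
    foreach ($urls as $url) {
        printf("%-30s %-30s %s\n", $label, $url, cookie_is_sent($cookie, $url) ? 'sent' : 'not sent');
    }
}

// The third row corresponds to this call, made before session_start()
// (array form requires PHP 7.3 or later):
// session_set_cookie_params(['domain' => 'mywebsite.com', 'secure' => true, 'httponly' => true]);
```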

Archived

This topic is now archived and is closed to further replies.
