[SOLVED] http to https on different domain

[jakebur01]

Could someone please walk me through passing a session from http on one domain to https on another?\

 

thanks,

 

jake

[jakebur01]

has anyone ever done this?>

[m1a2x3x7]

I'm still working on it give me sometime 

[lightningstrike]

Store the session data serialized in a database table with the session id.

 

Then redirect the user to the secure page with the session id e.g <https://www.domain.com/regen.php?PHPSESSID=832h2bdssdfadfd>

 

regen.php renames the session id to a random value to avoid session fixation and stores it in a secure cookie and redirects them once again to another secure page where they can continue browsing.

 

I'm assuming thats the kind of thing your looking for.

[jakebur01]

could you serialize it and pass it through the url then get it on the https page?

[jakebur01]

I don't want to store this in a database. I want to go through a cookie.

[micah1701]

I want to go through a cookie.

 

i don't think you can do that because one site can't read the cookies from another.  but i'm not claiming to be a cookie expert.

[d22552000]

one site can read another's cookies, althgouh its a security whole in IE7m it still can.

 

in the cookie http read request choose domain="whatevertheredirectsitewas"

and because of IE7 bad programming, and IE6, and FF2 not being fixed. u will get it -,-.

[jakebur01]

Do you have any code to show me an example?

 

what to put on page a >  link to page b

 

what to put on page b (this is also a ssl page) I just need my session from page a here on page b

 

 

[m1a2x3x7]

"you cant share sessions across different domains and http - https make them different

 

why not drop the order details in the db before switching to https

 

you can get the last db_id and append it to the checkout link then perform a $_GET['db_id'] to catch the id in the https page. Then use the id to query the db and retrieve the order details"

 

a good programming friend told me this