johlwiler Posted August 31, 2007 Share Posted August 31, 2007 Hey I have not worked with ssl before. I am integrating with a payment solution and am sending credit card information to the processing area. I am required to use SSL which I completely understand and it is fine. I have session varibles on all the admin pages to check who the user is and either allow them to view the page or not. My problem is that when ever I access my php pages via https I get the error I am not logged in. I have a die statement. Just for the fun of it I tried a few other files in the admin area and same things. When I logged in via https my session stayed throughout. so my question is do session clear or change or something when you go to ssl. Is there a way around this. I really don't want to take the session variables off the page because it helps keep me protected and also I do use some of the information stored in the session for some of the processing. Is there away to properly transfer a session to SSL. I am really lost because I can't find much information about this anywhere? I am not totally sure how SSL works. I am using a shared certificate. I don't know if that makes a difference. I don't want to past the whole code because there is some sensitive information in there and it is very long. But I will past some on request of what you need. Here is how I start my pages with the sessions. It has always worked for me in the past. At least till SSL. <?php @session_start(); ?> <?php //get userid needed ad so on $loginID=$_SESSION['loginID']; $username=$_SESSION['username']; //checks to see if the user is logged in if(!isset($_SESSION['username'])){ die ("You either are not logged in or you do not have permission to view this page you must log in. If you feel this is a mistake click here to <a href='../logout.php'>log out</a>, then immediatly log back in and try agian."); } include("../constents.php"); My version of php is 4.4.2 running on a pretty standard LAMP configuration. Any help would be great. Thanks Quote Link to comment Share on other sites More sharing options...
johlwiler Posted September 1, 2007 Author Share Posted September 1, 2007 Should I include what my phpinfo file says about ssl would that be any help to my problem? Quote Link to comment Share on other sites More sharing options...
johlwiler Posted September 3, 2007 Author Share Posted September 3, 2007 bump-- someone please take the time to look at this. I read some stuff about saving a session and retrieving a session has anyone done that before Quote Link to comment Share on other sites More sharing options...
d22552000 Posted September 3, 2007 Share Posted September 3, 2007 uh IDK from my session thing I was diong, I got this code workingifne, but I suck with ssl so uh.. that mgiht be the problem? --also a bump-- Quote Link to comment Share on other sites More sharing options...
johlwiler Posted September 3, 2007 Author Share Posted September 3, 2007 Ok I got around the issue by taking all of my session variables that were need for the one page and posting them through a form in a long about way. I only need 2 of them and it wasn't really a security risk were I did it. Then after I leave the ssl pages it picks back up the session again. I still am not going to mark this solved, because I just got lucky here. in the future I am sure myself and other people out there will hit similar problems. So please leave comments here if you have experienced this before. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.