Session Varible issue with ssl

[johlwiler]

Hey I have not worked with ssl before. I am integrating with a payment solution and am sending credit card information to the processing area. I am required to use SSL which I completely understand and it is fine. I have session varibles on all the admin pages to check who the user is and either allow them to view the page or not. My problem is that when ever I access my php pages via https I get the error I am not logged in. I have a die statement. Just for the fun of it I tried a few other files in the admin area and same things. When I logged in via https my session stayed throughout. so my question is do session clear or change or something when you go to ssl. Is there a way around this. I really don't want to take the session variables off the page because it helps keep me protected and also I do use some of the information stored in the session for some of the processing. Is there away to properly transfer a session to SSL. I am really lost because I can't find much information about this anywhere? I am not totally sure how SSL works. I am using a shared certificate. I don't know if that makes a difference. I don't want to past the whole code because there is some sensitive information in there and it is very long. But I will past some on request of what you need.

 

Here is how I start my pages with the sessions. It has always worked for me in the past. At least till SSL.

 

<?php @session_start(); ?>
<?php

//get userid needed ad so on
$loginID=$_SESSION['loginID'];
$username=$_SESSION['username'];

//checks to see if the user is logged in
if(!isset($_SESSION['username'])){
die ("You either are not logged in or you do not have permission to view this page you must log in. If you feel this is a mistake click here to <a href='../logout.php'>log out</a>, then immediatly log back in and try agian.");
}

include("../constents.php");

 

My version of php is 4.4.2 running on a pretty standard LAMP configuration.

 

Any help would be great. Thanks

 

 

 

 

[johlwiler]

Should I include what my phpinfo file says about ssl would that be any help to my problem?

[johlwiler]

bump-- someone please take the time to look at this. I read some stuff about saving a session and retrieving a session has anyone done that before

[d22552000]

uh IDK from my session thing I was diong, I got this code workingifne, but I suck with ssl so uh.. that mgiht be the problem?  --also a bump--

[johlwiler]

Ok I got around the issue by taking all of my session variables that were need for the one page and posting them through a form in a long about way. I only need 2 of them and it wasn't really a security risk were I did it. Then after I leave the ssl pages it picks back up the session again. I still am not going to mark this solved, because I just got lucky here. in the future I am sure myself and other people out there will hit similar problems. So please leave comments here if you have experienced this before.