johlwiler Posted August 31, 2007 Share Posted August 31, 2007 Hey I have not worked with ssl before. I am integrating with a payment solution and am sending credit card information to the processing area. I am required to use SSL which I completely understand and it is fine. I have session varibles on all the admin pages to check who the user is and either allow them to view the page or not. My problem is that when ever I access my php pages via https I get the error I am not logged in. I have a die statement. Just for the fun of it I tried a few other files in the admin area and same things. When I logged in via https my session stayed throughout. so my question is do session clear or change or something when you go to ssl. Is there a way around this. I really don't want to take the session variables off the page because it helps keep me protected and also I do use some of the information stored in the session for some of the processing. Is there away to properly transfer a session to SSL. I am really lost because I can't find much information about this anywhere? I am not totally sure how SSL works. I am using a shared certificate. I don't know if that makes a difference. I don't want to past the whole code because there is some sensitive information in there and it is very long. But I will past some on request of what you need. Here is how I start my pages with the sessions. It has always worked for me in the past. At least till SSL. <?php @session_start(); ?> <?php //get userid needed ad so on $loginID=$_SESSION['loginID']; $username=$_SESSION['username']; //checks to see if the user is logged in if(!isset($_SESSION['username'])){ die ("You either are not logged in or you do not have permission to view this page you must log in. If you feel this is a mistake click here to <a href='../logout.php'>log out</a>, then immediatly log back in and try agian."); } include("../constents.php"); My version of php is 4.4.2 running on a pretty standard LAMP configuration. Any help would be great. Thanks Link to comment https://forums.phpfreaks.com/topic/67411-session-varible-issue-with-ssl/ Share on other sites More sharing options...
johlwiler Posted September 1, 2007 Author Share Posted September 1, 2007 Should I include what my phpinfo file says about ssl would that be any help to my problem? Link to comment https://forums.phpfreaks.com/topic/67411-session-varible-issue-with-ssl/#findComment-339187 Share on other sites More sharing options...
johlwiler Posted September 3, 2007 Author Share Posted September 3, 2007 bump-- someone please take the time to look at this. I read some stuff about saving a session and retrieving a session has anyone done that before Link to comment https://forums.phpfreaks.com/topic/67411-session-varible-issue-with-ssl/#findComment-340475 Share on other sites More sharing options...
d22552000 Posted September 3, 2007 Share Posted September 3, 2007 uh IDK from my session thing I was diong, I got this code workingifne, but I suck with ssl so uh.. that mgiht be the problem? --also a bump-- Link to comment https://forums.phpfreaks.com/topic/67411-session-varible-issue-with-ssl/#findComment-340497 Share on other sites More sharing options...
johlwiler Posted September 3, 2007 Author Share Posted September 3, 2007 Ok I got around the issue by taking all of my session variables that were need for the one page and posting them through a form in a long about way. I only need 2 of them and it wasn't really a security risk were I did it. Then after I leave the ssl pages it picks back up the session again. I still am not going to mark this solved, because I just got lucky here. in the future I am sure myself and other people out there will hit similar problems. So please leave comments here if you have experienced this before. Link to comment https://forums.phpfreaks.com/topic/67411-session-varible-issue-with-ssl/#findComment-340771 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.