 |
|
Customer Support
 |
|
My PHP session is lost whenever I go to a secure URL
using the shared SSL certificate.
The reason the PHP session is lost is because PHP sessions are based on cookies and cookies are only valid at the domain where they were set.When you are at http://www.yourdomain.com you are at the domain "yourdomain.com" and can set and retrieve a cookie to keep your PHP session alive between requests.
However, when you change to the shared SSL URL of https://secure.modwest.com/yourdomain.com/ you are at the domain "modwest.com" and do not have any access to any cookies set by "yourdomain.com". This is a security limitation of the cookie protocol, not of PHP or the hosting environment.
Because of this security limitation, the PHP session, which relies on cookies, is lost, and a new session is started. The new session will only be valid while your visitor is at the secure URL. When you give them a link back to http://www.yourdomain.com then their original session will come back to them and the one set at "secure.modwest.com" will be inaccessible to you.
The only reasonable solution to the problem of loosing the PHP session at the shared SSL URL is to get an SSL certificate for your own domain name if you need SSL and PHP sessions instead of using our shared SSL certificate. That way your secure URL will be at the same domain name as your insecure URL, which means your cookie will be accessible at both URLs which means your PHP sessions will survive the change from non-SSL to SSL pages.
User-Contributed Notes |
|||
|
|||
|
|||
|
|
|||
Related Questions:
How do I set PHP include_path?
How do I change timezone for PHP?
What PHP modules are available and how do I load them?
Can I run a PHP script on cron?
How do I do html form file uploads?
Why does a PHP function give an error that it is undefined?
Why does my PHP script throw an Internal Server Error 500?
Why does PHP HTTP authentication not work?
What version of PHP are you running and can I see a phpinfo()?
I can't upload a file larger than 8MB through a PHP script
Can you change session cookie timeout in php.ini for me?
Do you have a quick form mail script?
Where is the php_error_log?
Can I use a PHP extension like PDFlib that I have personally purchased a license to use?
How do I get different character sets within my PHP page to display correctly?
What's the difference between running PHP as a cgi or as a module in safe mode?
Do you offer PHP5 with MySQLi?
Can I have all .html pages parsed as PHP?
The PHP curl module doesn't work.
Where can I download free PHP scripts?
Do you provide PEAR?
Do I need to set any 777 permissions in order for my PHP scripts to create files and directories?
What is CAPTCHA? How can I use it?
How do I execute my .php files as PHP 5?
How do I use the url_rewriter.tags setting for PHP?
The PDFlib extension gives a UPR description error.
Can I use Smarty Templates?
Why does flush() not flush the data to my browser?
Why does PHPLIB sessions give me a MySQL Database error?
Will IonCube encoded files work?
Will my Zend Encoded files work?
The pfpro pfpro_process() function keeps giving me Error 31
I need the virtual() function and it is not available.
Why does getallheaders() say undefined function?
Can I talk over SSL when opening an IMAP connection with the PHP imap_open() function?
How do I configure PHP?
How can one PHP file transparently handle all search-engine friendly URLs?
How do I put PHP sessions into a database instead of the default files-based method?
My PHP script needs a newer version of Zend Optimizer. What do I do?
I need to execute my cron job with PHP5.2
I need a newer version of PHP to run certain software
Can I use the pfpro extension in PHP 5.2?
Browse Categories:Getting Started, FTP, Telnet/SSH, Moving Domains, E-mail, Traffic Reports, Mailing Lists, Apache, PHP, CGI, Other Server-Side Scripting, MySQL Database, Imaging Libraries, Other Software, Billing & Terms, Control Panel, E-commerce, Pre-Sales |
Copyright
2000-2009 by Modwest,
Inc.