http / https上的会话 [英] Sessions across http/https
问题描述
我正在经历一个有趣的问题,从http到https进行了一次从
开始的php会话。很多谷歌搜索后,我仍然卡住了。
该应用程序是一个在线商店,其中一些用户数据存储在
会话中。当用户继续结账时,我们切换到https。这个
都在相同的物理服务器上完成,在同一个域下(
有SSL证书)。
会话ID很好 - 我可以从
http和https中读取会话ID,它是相同的。但是,当我尝试访问
会话变量时,例如$ _SESSION [''s_userid''],我只能用
来执行它,无论哪个协议都用于编写变量。
让我解释一下。如果我通过http访问来自
页面的会话变量中的一些用户信息,那么我尝试从通过https访问的页面读取这些变量
,它们是空的。 />
我只想说清楚问题不在于会话ID
不适用于https页面 - 它是,而且它是'相同的会话ID。
所以,不知道这里发生了什么?似乎有两个会话
使用相同的会话ID创建,一个用于http,一个用于https。
这是怎么回事?如果是这样,我该如何解决它?如何从我的https页面访问
会话数据?
任何帮助非常感谢。
-
Grunff
_SESSION ['s_userid''],我只能用
来做首先使用哪个协议来编写变量。
让我解释一下。如果我通过http访问来自
页面的会话变量中的一些用户信息,那么我尝试从通过https访问的页面读取这些变量
,它们是空的。 />
我只想说清楚问题不在于会话ID
不适用于https页面 - 它是,而且它是'相同的会话ID。
所以,不知道这里发生了什么?似乎有两个会话
使用相同的会话ID创建,一个用于http,一个用于https。
这是怎么回事?如果是这样,我该如何解决它?如何从我的https页面访问
会话数据?
任何帮助非常感谢。
-
Grunff
Grunff写道:
我在浏览php会话时遇到了一个有趣的问题
从http到https。很多谷歌搜索后,我仍然卡住了。
该应用程序是一个在线商店,其中一些用户数据存储在
会话中。当用户继续结账时,我们切换到https。这个
都是在相同的物理服务器上完成的,在同一个域下(具有SSL证书)。
会话ID很好 - 我可以读取来自
http和https的会话ID,它是一样的。但是,当我尝试访问一个
会话变量,例如
_SESSION [''s_userid'']时,我只能使用
使用哪个协议来首先写变量。
让我解释一下。如果我在通过http访问的页面中保存会话变量中的一些用户信息,那么我尝试从通过https访问的页面读取这些变量,它们是空的。
我只是想明确问题不是会话ID
不适用于https页面 - 它是,并且它是相同的会话ID。
所以,任何想知道这里发生了什么?似乎有两个会话
使用相同的会话ID创建,一个用于http,一个用于https。
这是怎么回事?如果是这样,我该如何解决它?如何从我的https页面访问
会话数据?
任何帮助非常感谢。
您好,
我没有解决方案,但也许有些东西可以帮助你:
SESSION基于PHPSESSID的某些值,大部分时间都是存储的在客户端浏览器上的
cookie中。
由某个域设置的Cookie无法被其他域访问。
是当你从http转到https时,你可以切换域吗?
喜欢:
http://www.babelfish.com
to
https://www.purchasebabelfishhere.com
问候,
Erwin Moller
I''m experiencing an interesting problem with carrying a php session over
from http to https. Much googling later, I''m still stuck.
The application is an online shop, where some user data is stored in the
session. As the user proceeds to checkout, we switch over to https. This
is all done on the same physical server, under the same domain (which
has an SSL cert).
The session ID is carried over fine - I can read the session ID from
http and https and it is the same. However, when I try to access a
session variable e.g. $_SESSION[''s_userid''], I can only do it using
whichever protocol was used to write the variable in the first place.
Let me explain more. If I save some user info in session variables from
pages accessed via http, then I try to read these variables from pages
accessed via https, they are empty.
I just want to make it clear that the problem is not that the session ID
is not available to the https pages - it is, and it''s the same session id.
So, any idea what''s going on here? It seems that there are two sessions
being created with the same session ID, one for http and one for https.
Is that what happens? if so, how do I get around it? How do I access the
session data from my https pages?
Any help much appreciated.
--
Grunff
_SESSION[''s_userid''], I can only do it using
whichever protocol was used to write the variable in the first place.
Let me explain more. If I save some user info in session variables from
pages accessed via http, then I try to read these variables from pages
accessed via https, they are empty.
I just want to make it clear that the problem is not that the session ID
is not available to the https pages - it is, and it''s the same session id.
So, any idea what''s going on here? It seems that there are two sessions
being created with the same session ID, one for http and one for https.
Is that what happens? if so, how do I get around it? How do I access the
session data from my https pages?
Any help much appreciated.
--
Grunff
Grunff wrote:
I''m experiencing an interesting problem with carrying a php session over
from http to https. Much googling later, I''m still stuck.
The application is an online shop, where some user data is stored in the
session. As the user proceeds to checkout, we switch over to https. This
is all done on the same physical server, under the same domain (which
has an SSL cert).
The session ID is carried over fine - I can read the session ID from
http and https and it is the same. However, when I try to access a
session variable e.g.
_SESSION[''s_userid''], I can only do it using
whichever protocol was used to write the variable in the first place.
Let me explain more. If I save some user info in session variables from
pages accessed via http, then I try to read these variables from pages
accessed via https, they are empty.
I just want to make it clear that the problem is not that the session ID
is not available to the https pages - it is, and it''s the same session id.
So, any idea what''s going on here? It seems that there are two sessions
being created with the same session ID, one for http and one for https.
Is that what happens? if so, how do I get around it? How do I access the
session data from my https pages?
Any help much appreciated.
Hi,
I do not have a solution, but maybe something to get you going:
SESSION are based on some value of PHPSESSID, most of the time stored in a
cookie on the client browser.
Cookies set by a certain domain cannot be accessed by another domain.
Is it possible you switch also domains when you wsitch from http to https?
Like:
http://www.babelfish.com
to
https://www.purchasebabelfishhere.com
Regards,
Erwin Moller
这篇关于http / https上的会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
