Cookies and HTTPS

Forum Moderators: open

Message Too Old, No Replies

Cookies and HTTPS

KeyWordMaster

3:48 pm on Mar 11, 2004 (gmt 0)

I am having a problem with my cookies not loading on our secure page.

We write out the cookie on [example.com...]

Everything works fine except when the user clicks to enter the CC info on our secure site

[example.com...] I try to load the cookie but it doesn't exist.

Would [example.com...] and [example.com...] store different cookies?

korkus2000

6:30 pm on Mar 11, 2004 (gmt 0)

I believe they do. I have seen this before and the only thing that fixed it was setting a cooking on the ssl side.

stevenmusumeche

6:33 pm on Mar 11, 2004 (gmt 0)

The http:// and https:// are considered different domains, so they are unable to access the other's cookies.

hyperbole

8:22 pm on Mar 11, 2004 (gmt 0)

When you send the cookie from the secure server, you want to set the 'secure' flag in the cookie so the browser will only return the cookie if an SSL connection has been established.

dcrombie

2:26 pm on Mar 12, 2004 (gmt 0)

You should be able to solve the original problem by setting domain=example.com, path=/ for the cookie.