changing session between https and http pages

Forum Moderators: coopster

Message Too Old, No Replies

changing session between https and http pages

why is this happening?

will1480

9:38 pm on Jun 18, 2004 (gmt 0)

I loose my shopping cart going from http to https pages. I think it is starting a new session which is what my cart is based off of. Is there a good way around this. Would rather not pass session through URL, but will do that if necessary. Any help would be appreciated

jatar_k

9:45 pm on Jun 18, 2004 (gmt 0)

I have messed around with this a bit but found that it would drop "sometimes" but not all the time.

I now just drop the info into a form and post it along but I am not sure if that is an option. We also split our http and https onto different servers now so that removes any possibilty of keeping the session alive.

Does it lose it every time? I didn't have that happen just a 5 - 15 % loss. Could never relly tell exactly.

when they checkout does it go straight to https?
Is there a way you could have a page on http where you could write the session id into the page and post it along instead of putting it in the url?
do you use named sessions? might help, figure out a naming convention and then you can start the session by name

not really sure, those are just some quick thoughts.

will1480

7:04 am on Jun 19, 2004 (gmt 0)

It does not lose the session all the time and yes I am using session_id(). I dont see a real problem with sending the session through the url. I have done that and it eliminted the problem, but would rather not pass it through the url.

Oh, and yes it goes straight to https. How else do you do it. The whole purchase/info exchange is https.

Also, I guess I could use a post to send the session, but was just wondering what was technically happening to loose session.

jatar_k

6:14 pm on Jun 19, 2004 (gmt 0)

To be honest I am not 100% sure why exactly it happens. We have tested it a bit but haven't really found any really good reason.

I had the problem with a tracking script. We grab referer data and a few other things when people hit the site and carry it through to the signup form (https) in the session and then insert it into the db. As long as the https page where I was grabbing the session var from was only 1 step from the http page then I was close to what I should be getting for referers, as referers are only reliable in the 70 - 80% range though I was pretty sure I was a little low.

I needed to add a step in the signup process before the spot where we access the session data. Once that was done I dropped to about 35-40% of referers getting through. We didn't change anything except to add a page but the referers dropped significantly.

Why, I don't know. I added the extra step to the http side and dropped the session data into the form and it is up above where it was originally.

When it goes off to https it switches ports and is kind of a different site though it is the same domain. So I can only assume that the server sometimes gets confused as we found no specific things that contributed to it.

I would go with whatever is the most reliable solution, be it url or into the form, since the most important thing with a check out is for the user to get their own cart contents and be able to purchase them without problems.