Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Passing SID to Secure Server

Trying to pass $_SESSION variables to SSL

12:22 am on Oct 30, 2006 (gmt 0)

10+ Year Member


I'm trying to pass the current $_SESSION[] array variables to my secure domain for payment details.

I am attempting this via passing the SID via URL thus:

example1.php (Non-SSL)

session_start(); // Start Session
$SID = session_id();
echo $_SESSION['package'] ;
echo "<form action='https://secure.example.com/example2.php?SID=$SID' method='post'><input type='submit' value='Continue'></form>";

example2.php (SSL)

session_start(); // Start Session
if (isset($_GET['SID'])) {
echo $_SESSION['package'] ;

However, example2.php keeps coming back with "Undefined index: package"

What am I doing wrong?

8:41 am on Oct 30, 2006 (gmt 0)

5+ Year Member

Possibly the session cookie is not readable from a different subdomain.
5:49 pm on Oct 30, 2006 (gmt 0)

10+ Year Member

It's not a session cookie issue as they are trying to pass the session ID via the URL.

However, the code is all wrong.
Firstly, read this:


$SID = session_id();

is not needed, as SID is a predefined constant.

in example 2,


No idea what you are trying to do here - but sessions should be pretty transparently handled by PHP.

Look closely at example 3 in the above link on the PHP site - that should help you out.

12:02 am on Oct 31, 2006 (gmt 0)

10+ Year Member

Thnaks FalseDawn


What I was attempting to do was pass the SID from the non-SSL session to the SSL session.

Basically, I have a bunch of session variables obtained during the non-SSL session:
$_SESSION['user_address']='1313 Mockingbird Ln'

but I am losing these when the user goes to SSL for payment and I don't want that to happen.

I looked at example 3 but didn't see how this related to my problem of transfering session variables between domains (non-SSL & SSL).

I had looked elswhere here and the solution seemed to be to pass the SID via the URL. I assumed you then just assign the current SID to be the old SID.

Thanks for any help

2:14 am on Oct 31, 2006 (gmt 0)

10+ Year Member

Oops ... i can see how example 3 helps now ... however I can't get it to work.

SID is null and if I create a variable $id=session_id() and use that in the URl, the session id is passed but the $count is not incremented.

I must have a bigger problem eh?

7:02 am on Oct 31, 2006 (gmt 0)

10+ Year Member


What I was attempting to do was pass the SID from the non-SSL session to the SSL session.

OK, that's not how you do it - that'll just set a session variable called "session_id" to whatever $_GET['SID'] happens to be.

example 3 actually appears to be missing a session_start(); statement right after the opening <?php tag, as in the other 2 examples.
In any script where you need to use session variables, this must be present. Try adding this and see how you get on.

Edit: SID will be null if the session cookie is present on the client - in this case, your session cookie is probably not being set and/or read correctly, as barnes101 suggested


If this is the case, there should be no need to pass the session ID via the URL anyway.
Also, bear in mind that it is not possible to tell if a session cookie can be set or not on the first invocation of a script - if that is relevant in this case or not, I don't know.

[edited by: FalseDawn at 7:13 am (utc) on Oct. 31, 2006]

12:58 am on Nov 1, 2006 (gmt 0)

10+ Year Member


I added session_start() but it now comes back with "Undefined variable: count" on the second load of the page.

The URL (in the address bar) still shows ..../nextpage.php?
(no SID)

If I assign $id=session_id() and pass that, the SID appears in the address bar, but I still get the error "Undefined variable: count"

I also tried another example of storing the SID in the DB but this also failed. I seem to have a setting that's gone bad. Is there something I can look for in phpinfo() perhaps?


[edited by: Kenton at 1:04 am (utc) on Nov. 1, 2006]


Featured Threads

Hot Threads This Week

Hot Threads This Month