Shared Ssl And Sessions Problem

[stu]

Hi

I've an annoying minor issue with a site of mine that has a shopping cart. The cart uses sessions to hold customer ID and number of items, and all of the shop area is secure (so the domain reads as server52.xxxxxx.com/~sitename/....etc)

This all works fine, but the problem arises because on all the non-shop pages of the site, I show a "number of items in cart" info box. This gets the item count from a session called number_of_items.

What appears to happen is when the non-shop pages are viewed the url is http://sitename and the session doesn't seem to be available.

I guess this is related to the cookie not being available between domains and it thinks this is a different domain to the secure url.

 

But does anyone know a workaround for this (the option of buying their own certificate is not really there because of cost to the client)

 

thanks

...stu

[TCH-Andy]

You need to ensure that all the pages called are using the secure link, so you need to change the links within the pages to point to that.

[flashram]

Just to add to Andy's reply, this link http://totalchoicehosting.com/help/id95.htm might also help to explain it as well. Secure website and navigating it can be a bit of a mystery if you haven't gone there before from a web design side of things that is.

[stu]

Hi guys

thanks for both those replies.

So it seems you are confirming that it is not really possible to pass sessions across from the secure to the non-secure pages.

 

I wonder though - do these problems remain even if you have your own ssl certificate (since the url for unsecure content will be http://sitename and for secure content will be https:// - do the session cookies still see both as different domains?)

...stu

[TCH-Andy]

If it's the same domain, you can pass the session info across, yes.

 

I'd be certain that you want to though ... but yes, it's possible if they are both on the same domain.