Johnny
asked on
have to relogin to site when switching from http to HTTPS
I have a site that uses https://secure.some_domain_name.com i login from http://some_domain_name.com
both are on the same webspace(server) and the pages are in the same folder
when i loginto the site(the page is not ssl) i login fine, i go to look at the personal information page and i have it call up the page via https://secure.some_domain_name.com/account_info.php i then get redirected to the login screen and have to relogin. how do i fix this?
am i loosing sessions somehow in that the browser is thinking im on another domain?
do i have to make the login page SSL?
what do i have to do so we dont have to relogin? with the http to https switch?
im using:
PHP
Apache
a UNIX flavor server
thank you in advance for any code or help you may provide, and thank you for your time in this matter.
Johnny
both are on the same webspace(server) and the pages are in the same folder
when i loginto the site(the page is not ssl) i login fine, i go to look at the personal information page and i have it call up the page via https://secure.some_domain_name.com/account_info.php i then get redirected to the login screen and have to relogin. how do i fix this?
am i loosing sessions somehow in that the browser is thinking im on another domain?
do i have to make the login page SSL?
what do i have to do so we dont have to relogin? with the http to https switch?
im using:
PHP
Apache
a UNIX flavor server
thank you in advance for any code or help you may provide, and thank you for your time in this matter.
Johnny
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
two things i noticed
1: when i made the example live you gave ray (thanks btw) i didnt place http://secure.XXXX it was https://XXXX so it worked with the ssl i have. so i changed all the urls to not use the secure url text.
2: i made login.php always pointed from another page to be https://XXXXX.com/login.php
this made it so i no longer have to double login and sessions are not lost or what ever the problem was with switching from http to https
thanks again Ray, it got me on the right track, also note it always amazes me the code you come up with this is one of those times.
1: when i made the example live you gave ray (thanks btw) i didnt place http://secure.XXXX it was https://XXXX so it worked with the ssl i have. so i changed all the urls to not use the secure url text.
2: i made login.php always pointed from another page to be https://XXXXX.com/login.php
this made it so i no longer have to double login and sessions are not lost or what ever the problem was with switching from http to https
thanks again Ray, it got me on the right track, also note it always amazes me the code you come up with this is one of those times.
ASKER
crude i accepted the wrong solution, i wanted rays, didnt notice a second person posted
GGGRRR now how to fix this
but non the less thanks webwyzsyst… for the comments
GGGRRR now how to fix this
but non the less thanks webwyzsyst… for the comments
If you want to change the was the question was closed, you can use the Request Attention link found at the lower right hand corner of the original question and ask a moderator to re-open it. In any case, I'm glad you've got things pointed in the right direction. Best, ~Ray
ASKER
i did that thanks ray
Request Attention (pending)
Request Attention (pending)
ASKER
thanks for all the help
This seems a little different than standard design patterns. If the system simply needs to keep content private and secure for a select number of users, I think an htaccess approach needs to be considered.
htaccess is simple to do, very secure, and there is a plethora of resources out there to draw upon.
You just need an https link to the location of your folder protected by htaccess. Once the user follows the link, everything else is taken care of by the browser and server.
Most serving platforms provide htaccess tools right in their control panel, and several scripts and such to customize its use on your site.