Gary
asked on
Session management HTTP->HTTPS
I'm passing the session id in the url when I move to an https page and this works fine for in page sessions as I set the session_id($_GET['sid']);
When I call another page with ajax the session is ignored and a new one started.
This is in FF, in IE it seems to work fine.
When I call another page with ajax the session is ignored and a new one started.
This is in FF, in IE it seems to work fine.
ASKER
The reason I cannot use the same session is because the domain is slightly different.
But the question is why is FF screwing up the session when I manually set the ID, while IE works fine.
I may have to pass the session id in the ajax calls if no one knows...
But the question is why is FF screwing up the session when I manually set the ID, while IE works fine.
I may have to pass the session id in the ajax calls if no one knows...
do you remember this time :
var xmlHttpReq = false;
var self = this;
// Mozilla/Safari
if (window.XMLHttpRequest) {
self.xmlHttpReq = new XMLHttpRequest();
}
// IE
else if (window.ActiveXObject) {
self.xmlHttpReq = new ActiveXObject("Microsoft.X MLHTTP");
}
// M. Jackson
var xmlHttpReq = false;
var self = this;
// Mozilla/Safari
if (window.XMLHttpRequest) {
self.xmlHttpReq = new XMLHttpRequest();
}
// IE
else if (window.ActiveXObject) {
self.xmlHttpReq = new ActiveXObject("Microsoft.X
}
// M. Jackson
ASKER
@leakim
Uhhh?
@Ray
It would be stupid running a shopping cart on https for the whole thing, just unnecessary
Uhhh?
@Ray
It would be stupid running a shopping cart on https for the whole thing, just unnecessary
LOL
You said :
IE and FF don't do ajax call the same way
You said :
But the question is why is FF screwing up the session when I manually set the ID, while IE works fine.
IE and FF don't do ajax call the same way
ASKER
But I'm manually changing the session id, ajax shouldn't have anything to do with it.
When I call another page with ajax the session is ignored
ASKER
I don't see your point leakim
I set the session id at the server with php, why would a new session be started on the same protocol/domain
I set the session id at the server with php, why would a new session be started on the same protocol/domain
use fiddle and let me know if you see the session during the ajax call (on FF and on IE)
if it's possible provide a link to the page or build a simple one to reproduce
if it's possible provide a link to the page or build a simple one to reproduce
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
"It would be stupid running a shopping cart on https for the whole thing, just unnecessary"
Facebook and Google don't think so. They're running Everything on HTTPS now. What is your objection?
Facebook and Google don't think so. They're running Everything on HTTPS now. What is your objection?
ASKER
Only for logged in users.
My objection is why encrypt non sensitive information and add extra load to the server
My objection is why encrypt non sensitive information and add extra load to the server
It would be stupid running a shopping cart on https for the whole thing, just unnecessaryI asked the server and she said she didn't mind encryption, in fact she kind of enjoyed it!
Anyway, glad you found a solution, but it doesn't make me entirely comfortable that one browser would work and another would not!
ASKER
Solved myself
But there may be a timeliness component here, too. Check to make sure something like this is not happening to your scripts. In a recent test, I tried setting a cookie in a script that was a long-running-job (over 40 seconds) and getting the cookie in another script to check the progress of the long-running-job. It didn't work in either FF or Chrome. Neither of those returned the cookie until after the first script finished execution. I did not test IE.
Just curious... Why not put the whole operation behind HTTPS? Why switch back and forth?