Just wanted to say thanks, as I ran into this problem and this led me
to the fix. For any one else, here is a bit more information:
http://stackoverflow.com/questions/308659/session-not-saving-when-moving-from-ssl-to-non-ssl
On Dec 4, 10:13 am, Mathew <[EMAIL PROTECTED]> wrote:
> Hi Robert,
>
> I've never done what you have done, but I'm sure it's possible because
> most people do shopping carts this way.
>
> The problem might be that Cake is switching to secure cookies when it
> finds the current URL is using HTTPS. The cookie is used to store the
> session ID and when the switch to secure cookies happens maybe Cake
> can't find the insecure cookie and starts a new session.
>
> I'm not sure if Cake supports this? You might have come across a bug.
>
> You might have to pass the session ID in the URL when switching from
> HTTP to the HTTPS and then use that ID in the HTTPS session to recover
> the old session.
>
> Here are the methods for getting and setting the session ID.
>
> $session->id() will return the current session ID.
> $session->id($id) will set the session ID.
>
> The other work around is to comment out the code in Cake that switches
> to secure cookies.
>
> if ($ini_set && env('HTTPS')) {
> ini_set('session.cookie_secure', 1);
>
> }
>
> I only recommend this if you know for sure you don't need secure
> cookies. I also don't know if this is a wise security thing to do.
>
> Let me know if that helps?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
