Do both sites use the same php.ini? The hostname is the same? Is it a session cookie or a persistent cookie ( I think that a session cookie depending on browser are not shared between http and https) You can use the chrome "Developer Tools" (F12 on chrome) -> resources -> Cookies to check this out.
Take a look at this page: http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler Maybe they aren't sharing the same handler. []'s Danilo Clemente On Thu, Jun 13, 2013 at 4:32 PM, Robin Wood <[email protected]> wrote: > Hi > It is mod_php running on apache/Linux and you are right, it is php that > handles the sessions not Apache. > > Any ideas? > > Robin > On Jun 13, 2013 8:03 PM, "Danilo Nascimento" <[email protected]> > wrote: > >> >> >> Hi Robin. >> >> It sounds like it is a platform dependent issue. >> As far as i know the sessions storage are handle by AppServer/Plataform >> and not by apache itself (Apache only pass the session cookies to the >> plataform) >> >> What language/plataform are they using? (PHP, JavaEE, .Net, asp e etc?) >> How does the apache respond to the requests ( A specific Handler, >> mod_proxy, a CGI/FastCGI e etc) ? >> >> >> []'s Danilo Nascimento >> >> >> On Thu, Jun 13, 2013 at 5:54 AM, Robin Wood <[email protected]> wrote: >> >>> I've got a client I'm doing some dev work for and they have a website >>> that spans HTTP and HTTPS and the site needs to pass a session cookie >>> between both. Ignore the fact that this isn't the best way to do >>> things, it is a legacy site and there isn't rewrite budget. >>> >>> The problem I've got is that occasionally the two sides don't appear >>> to be sharing the same session file on disk so values put in to the >>> session on the HTTP side are not appearing on the HTTPS side and vise >>> versa. It isn't consistent and I've not been able to pin down any >>> pattern when it does it. >>> >>> The hosting company is a black box who haven't been able to offer much >>> help. They say that there is no load balancer in place and that both >>> the sites are running on the same Apache instance with no special >>> config beyond the default. >>> >>> I've put a test script on both sides which displays the current >>> session id and tries to store and retrieve values, the session ids >>> match over the two sides so it isn't the browser doing something and >>> messing those up. >>> >>> Can anyone suggest anything that could cause this? If the two sides >>> were consistently unable to share things then I'd put it down to both >>> using different session files on disk. If it were that a session >>> created on HTTPS couldn't be seen by HTTP then it could be the secure >>> flag, but that isn't set. >>> >>> Robin >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >>
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
