Without more info it's difficult to stay. Cookie scope? Session stickiness on backend app servers? Does behaviour change depending on whether HTTP or HTTPS are hit first?
Regards, Jim On Jun 13, 2013 7:08 PM, "Robin Wood" <[email protected]<javascript:_e({}, 'cvml', '[email protected]');>> wrote: > I've got a client I'm doing some dev work for and they have a website > that spans HTTP and HTTPS and the site needs to pass a session cookie > between both. Ignore the fact that this isn't the best way to do > things, it is a legacy site and there isn't rewrite budget. > > The problem I've got is that occasionally the two sides don't appear > to be sharing the same session file on disk so values put in to the > session on the HTTP side are not appearing on the HTTPS side and vise > versa. It isn't consistent and I've not been able to pin down any > pattern when it does it. > > The hosting company is a black box who haven't been able to offer much > help. They say that there is no load balancer in place and that both > the sites are running on the same Apache instance with no special > config beyond the default. > > I've put a test script on both sides which displays the current > session id and tries to store and retrieve values, the session ids > match over the two sides so it isn't the browser doing something and > messing those up. > > Can anyone suggest anything that could cause this? If the two sides > were consistently unable to share things then I'd put it down to both > using different session files on disk. If it were that a session > created on HTTPS couldn't be seen by HTTP then it could be the secure > flag, but that isn't set. > > Robin > _______________________________________________ > Pauldotcom mailing list > [email protected] <javascript:_e({}, 'cvml', > '[email protected]');> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
