Peharps session.referer_check is enable?* * http://www.php.net/manual/en/session.configuration.php#ini.session.referer-check
[]'s Danilo Clemente On Thu, Jun 13, 2013 at 5:00 PM, Robin Wood <[email protected]> wrote: > > On Jun 13, 2013 8:51 PM, "Danilo Nascimento" <[email protected]> > wrote: > > > > Do both sites use the same php.ini? > > Not sure, I'll check > > > The hostname is the same? > Yes > > > > > Is it a session cookie or a persistent cookie ( I think that a session > cookie depending on browser are not shared between http and https) > > Session cookie. If it weren't shared then it would never work but it does > some of the time. > > > You can use the chrome "Developer Tools" (F12 on chrome) -> resources -> > Cookies to check this out. > > > > Take a look at this page: > http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler > > Maybe they aren't sharing the same handler. > > But why would this be occasional and not permanent? > > Robin > > > > > > > > []'s Danilo Nascimento > > > > > > > On Thu, Jun 13, 2013 at 4:32 PM, Robin Wood <[email protected]> wrote: > >> > >> Hi > >> It is mod_php running on apache/Linux and you are right, it is php that > handles the sessions not Apache. > >> > >> Any ideas? > >> > >> Robin > >> > >> On Jun 13, 2013 8:03 PM, "Danilo Nascimento" <[email protected]> > wrote: > >>> > >>> > >>> > >>> Hi Robin. > >>> > >>> It sounds like it is a platform dependent issue. > >>> As far as i know the sessions storage are handle by > AppServer/Plataform and not by apache itself (Apache only pass the session > cookies to the plataform) > >>> > >>> What language/plataform are they using? (PHP, JavaEE, .Net, asp e > etc?) > >>> How does the apache respond to the requests ( A specific Handler, > mod_proxy, a CGI/FastCGI e etc) ? > >>> > >>> > >>> []'s Danilo Nascimento > >>> > >>> > >>> On Thu, Jun 13, 2013 at 5:54 AM, Robin Wood <[email protected]> > wrote: > >>>> > >>>> I've got a client I'm doing some dev work for and they have a website > >>>> that spans HTTP and HTTPS and the site needs to pass a session cookie > >>>> between both. Ignore the fact that this isn't the best way to do > >>>> things, it is a legacy site and there isn't rewrite budget. > >>>> > >>>> The problem I've got is that occasionally the two sides don't appear > >>>> to be sharing the same session file on disk so values put in to the > >>>> session on the HTTP side are not appearing on the HTTPS side and vise > >>>> versa. It isn't consistent and I've not been able to pin down any > >>>> pattern when it does it. > >>>> > >>>> The hosting company is a black box who haven't been able to offer much > >>>> help. They say that there is no load balancer in place and that both > >>>> the sites are running on the same Apache instance with no special > >>>> config beyond the default. > >>>> > >>>> I've put a test script on both sides which displays the current > >>>> session id and tries to store and retrieve values, the session ids > >>>> match over the two sides so it isn't the browser doing something and > >>>> messing those up. > >>>> > >>>> Can anyone suggest anything that could cause this? If the two sides > >>>> were consistently unable to share things then I'd put it down to both > >>>> using different session files on disk. If it were that a session > >>>> created on HTTPS couldn't be seen by HTTP then it could be the secure > >>>> flag, but that isn't set. > >>>> > >>>> Robin > >>>> _______________________________________________ > >>>> Pauldotcom mailing list > >>>> [email protected] > >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>>> Main Web Site: http://pauldotcom.com > >>> > >>> > >>> > > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
