On Jun 13, 2013 8:51 PM, "Danilo Nascimento" <[email protected]> wrote: > > Do both sites use the same php.ini?
Not sure, I'll check > The hostname is the same? Yes > > Is it a session cookie or a persistent cookie ( I think that a session cookie depending on browser are not shared between http and https) Session cookie. If it weren't shared then it would never work but it does some of the time. > You can use the chrome "Developer Tools" (F12 on chrome) -> resources -> Cookies to check this out. > > Take a look at this page: http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler > Maybe they aren't sharing the same handler. But why would this be occasional and not permanent? Robin > > > []'s Danilo Clemente > > > On Thu, Jun 13, 2013 at 4:32 PM, Robin Wood <[email protected]> wrote: >> >> Hi >> It is mod_php running on apache/Linux and you are right, it is php that handles the sessions not Apache. >> >> Any ideas? >> >> Robin >> >> On Jun 13, 2013 8:03 PM, "Danilo Nascimento" <[email protected]> wrote: >>> >>> >>> >>> Hi Robin. >>> >>> It sounds like it is a platform dependent issue. >>> As far as i know the sessions storage are handle by AppServer/Plataform and not by apache itself (Apache only pass the session cookies to the plataform) >>> >>> What language/plataform are they using? (PHP, JavaEE, .Net, asp e etc?) >>> How does the apache respond to the requests ( A specific Handler, mod_proxy, a CGI/FastCGI e etc) ? >>> >>> >>> []'s Danilo Nascimento >>> >>> >>> On Thu, Jun 13, 2013 at 5:54 AM, Robin Wood <[email protected]> wrote: >>>> >>>> I've got a client I'm doing some dev work for and they have a website >>>> that spans HTTP and HTTPS and the site needs to pass a session cookie >>>> between both. Ignore the fact that this isn't the best way to do >>>> things, it is a legacy site and there isn't rewrite budget. >>>> >>>> The problem I've got is that occasionally the two sides don't appear >>>> to be sharing the same session file on disk so values put in to the >>>> session on the HTTP side are not appearing on the HTTPS side and vise >>>> versa. It isn't consistent and I've not been able to pin down any >>>> pattern when it does it. >>>> >>>> The hosting company is a black box who haven't been able to offer much >>>> help. They say that there is no load balancer in place and that both >>>> the sites are running on the same Apache instance with no special >>>> config beyond the default. >>>> >>>> I've put a test script on both sides which displays the current >>>> session id and tries to store and retrieve values, the session ids >>>> match over the two sides so it isn't the browser doing something and >>>> messing those up. >>>> >>>> Can anyone suggest anything that could cause this? If the two sides >>>> were consistently unable to share things then I'd put it down to both >>>> using different session files on disk. If it were that a session >>>> created on HTTPS couldn't be seen by HTTP then it could be the secure >>>> flag, but that isn't set. >>>> >>>> Robin >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>> >>> >>> >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
