On 5/22/06, Michael Satterwhite <[EMAIL PROTECTED]> wrote:
I have a site that is using a shared ssl certificate. When running on the site, the host is of the form <host.com>. When running in ssl mode, the domain is of the form <host>.<certhost>.com. ping shows that both resolve to the same ip address.Is there a way to create a cookie in the unsecured area and have it available when going through the ssl certificate? tia ---Michael -- Fight software piracy! Don't pirate MS Office - that's theft. Instead, use ours - it's legal and free www.openoffice.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
If by cookie you mean your PHPSESSION cookie, this is sort-of possible. My work has a shared certificate for those whom don't wish to purchase their own. This only works if http and https servers are on the same machine. - on regular page (cart) make link to another regular page (checkout) that should become secure - save session id to db, fetch last returned id. - create ssl href with ?id=last returned id - load session from the DB using the key - delete session id from DB since it is now shared between domains - call session_regenerate_id ...becomes... http://www.example.com/cart.php http://www.example.com/checkout.php https://ssl.example.com/example/checkout.php I'm not really sure how important the whole hide the session id thing is considering I regenerate the ID. But better safe than sorry I guess. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
