Re: session lost when switching from http to https, vice versa, in cakephp rc3
Just wanted to say thanks, as I ran into this problem and this led me
to the fix. For any one else, here is a bit more information:
http://stackoverflow.com/questions/308659/session-not-saving-when-moving-from-ssl-to-non-ssl
On Dec 4, 10:13 am, Mathew <[EMAIL PROTECTED]> wrote:
> Hi Robert,
>
> I've never done what you have done, but I'm sure it's possible because
> most people do shopping carts this way.
>
> The problem might be that Cake is switching to secure cookies when it
> finds the current URL is using HTTPS. The cookie is used to store the
> session ID and when the switch to secure cookies happens maybe Cake
> can't find the insecure cookie and starts a new session.
>
> I'm not sure if Cake supports this? You might have come across a bug.
>
> You might have to pass the session ID in the URL when switching from
> HTTP to the HTTPS and then use that ID in the HTTPS session to recover
> the old session.
>
> Here are the methods for getting and setting the session ID.
>
> $session->id() will return the current session ID.
> $session->id($id) will set the session ID.
>
> The other work around is to comment out the code in Cake that switches
> to secure cookies.
>
> if ($ini_set && env('HTTPS')) {
> ini_set('session.cookie_secure', 1);
>
> }
>
> I only recommend this if you know for sure you don't need secure
> cookies. I also don't know if this is a wise security thing to do.
>
> Let me know if that helps?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: session lost when switching from http to https, vice versa, in cakephp rc3
Hi Robert,
I've never done what you have done, but I'm sure it's possible because
most people do shopping carts this way.
The problem might be that Cake is switching to secure cookies when it
finds the current URL is using HTTPS. The cookie is used to store the
session ID and when the switch to secure cookies happens maybe Cake
can't find the insecure cookie and starts a new session.
I'm not sure if Cake supports this? You might have come across a bug.
You might have to pass the session ID in the URL when switching from
HTTP to the HTTPS and then use that ID in the HTTPS session to recover
the old session.
Here are the methods for getting and setting the session ID.
$session->id() will return the current session ID.
$session->id($id) will set the session ID.
The other work around is to comment out the code in Cake that switches
to secure cookies.
if ($ini_set && env('HTTPS')) {
ini_set('session.cookie_secure', 1);
}
I only recommend this if you know for sure you don't need secure
cookies. I also don't know if this is a wise security thing to do.
Let me know if that helps?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
session lost when switching from http to https, vice versa, in cakephp rc3
hi, I am using cakephp rc3 I will lose my cakephp session whenever i swtich http to https: or https to http anyone knows how to solve this problem, reason being, the user was adding to the shopping cart, but when the protocol changes from http to https for checkout:, the shopping cart session is empty the same thing happens, when the use switch from https to http in the checkout to shopping cart, the shopping cart session will be missing --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
