stackoom
  简体   繁体   中英

Maintain PHP session between https and http pages

 原文  2017-03-25 07:23:16       php/ http/ https/ session-variables

Question

On my secure site (https), I set a PHP $_SESSION variable. I then use header("location: http://...page.php") to send the user to a php page on my http site, which is on the same server. The session variable is lost, because of the http:// URL (I assume) in the header statement. I can't get the header("location: ...") to work without using the full URL. Thus I tried the following tip from stackoverflow - php session lost when switching , which several other posts reference, but I ended up with numerous error_log warning entries and once I clicked to another page that required $_SESSION['loginUser'], the session was gone.

PHP Warning: session_start(): The session id is too long or contains illegal characters

Sample session ID passed: dlouenopfi3edoep3dlvne8bn1

Code that creates the session on https php page (note for this post header location is not real) 

session_start();
$currentSessionID = session_id();
$_SESSION['loginUser'] = $username; 

header("location: http://www.test.com/path/to/page/off-campus/cat_index.php?session=$currentSessionID");

Code that receives the session on http php pages 

// Retrieve the session ID as passed via the GET method.
$currentSessionID = $_GET['session'];
echo "sid: " . $currentSessionID;//a session id like above is displayed

// Set a cookie for the session ID.
session_id($currentSessionID);

session_start();

if(isset($_SESSION['loginUser'])){
  $username = $_SESSION['loginUser'];
  echo "Welcome: $username<br />";
 } else {
    require_once($_SERVER["DOCUMENT_ROOT"] . "/_includes/CASwrap.php");
}

I've exhausted my searching. Any help will be appreciated. Thanks.

1 answers

solution1
 0  

I solved my two questions.

To prevent the numerous error_log warning entries all I needed was an "exit" statement after the "header" statement.

To maintain the current session, I used an if statement to test for a current session id stored in the variable $currentSessionID. If yes then set the session_id with the value of $currentSessionID. If no, then don't set the session_id with the $currentSessionID variable, since it has no value.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP - Maintain Session Array Between Pages PHP SESSION variables between https and http Different session IDs between http and https php php access session data between HTTPS and HTTP Switching between HTTP and HTTPS pages with secure session-cookie Understand & fix php session lost between https and http Saving PHP session variables between domains and https/http PHP session HTTP to HTTPS problem maintain session/connection between php and java app php session between two pages
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM