On my secure site (https), I set a PHP $_SESSION variable. I then use header("location: http://...page.php")
to send the user to a php page on my http site, which is on the same server. The session variable is lost, because of the http:// URL (I assume) in the header statement. I can't get the header("location: ...") to work without using the full URL. Thus I tried the following tip from stackoverflow - php session lost when switching , which several other posts reference, but I ended up with numerous error_log warning entries and once I clicked to another page that required $_SESSION['loginUser'], the session was gone.
PHP Warning: session_start(): The session id is too long or contains illegal characters
Sample session ID passed: dlouenopfi3edoep3dlvne8bn1
Code that creates the session on https php page (note for this post header location is not real)
session_start();
$currentSessionID = session_id();
$_SESSION['loginUser'] = $username;
header("location: http://www.test.com/path/to/page/off-campus/cat_index.php?session=$currentSessionID");
Code that receives the session on http php pages
// Retrieve the session ID as passed via the GET method.
$currentSessionID = $_GET['session'];
echo "sid: " . $currentSessionID;//a session id like above is displayed
// Set a cookie for the session ID.
session_id($currentSessionID);
session_start();
if(isset($_SESSION['loginUser'])){
$username = $_SESSION['loginUser'];
echo "Welcome: $username<br />";
} else {
require_once($_SERVER["DOCUMENT_ROOT"] . "/_includes/CASwrap.php");
}
I've exhausted my searching. Any help will be appreciated. Thanks.
I solved my two questions.
To prevent the numerous error_log warning entries all I needed was an "exit" statement after the "header" statement.
To maintain the current session, I used an if statement to test for a current session id stored in the variable $currentSessionID. If yes then set the session_id with the value of $currentSessionID. If no, then don't set the session_id with the $currentSessionID variable, since it has no value.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.