2

UPDATE:

The site now works on all browsers BUT Chrome now. Which I think is very odd - it's all arisen since the server switched to having an SSL.

As a recommendation I have put this within the application:

ini_set('session.use_trans_sid', true);
ini_set('session.use_cookies', true);
ini_set('session.use_only_cookies', true);

$https = false;

if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] != 'off') {
    $https = true;
}

$dirname = rtrim(dirname($_SERVER['PHP_SELF']), '/') . '/';

session_name('money');
session_set_cookie_params(0, '/', $_SERVER['HTTP'], $https, true);
session_start();

But still I just can't get the session to set - the application is based around MVC so the controllers are required in depending on the page loaded within the URL.

Could there be an issue with Sessions being passed through required/included files?

Winston
  • 1,758
  • 2
  • 17
  • 29
Ashley Banks
  • 528
  • 5
  • 16
  • Not sure if this is a dupe or not, but check [Session lost when switching from HTTP to HTTPS in PHP](http://stackoverflow.com/questions/441496/session-lost-when-switching-from-http-to-https-in-php) – Corey Ballou Feb 16 '13 at 11:51
  • Nah completely different - my problem is when remaining on a HTTPS page to page – Ashley Banks Feb 19 '13 at 10:54
  • You need to explain your situation more since you've added a bounty. If you want accurate answer then give a more detailed explanation of your problem and show us some code too if possible. – aborted Feb 19 '13 at 15:21
  • Update - any more q's? – Ashley Banks Feb 19 '13 at 15:29
  • why not having the login module on the ssl so nobody can snoop it? – happy Feb 23 '13 at 00:40

2 Answers2

6

Was to do with a Favicon.ico being requested by chrome - I would never have guessed.

Thanks so much to everyone that helped!

Ashley Banks
  • 528
  • 5
  • 16
  • 4
    How is that possible? How did you solve the problem? Still, +1 for self-solving. – 11684 Feb 25 '13 at 18:01
  • Chrome just constantly tries to look for certain files on the server ( favicon and stylesheets ) when on SSL and if it doesn't find them it prevents the sessions...very odd. Found out through a shed load of searching and one relation was the favicon, gave it a go and boom! – Ashley Banks Mar 27 '13 at 14:31
0

HTTP session ID is not being passed to the HTTPS session, when you switch between the HTTP and HTTPS services on the same server,. You can set it by passing the session ID from HTTP to HTTPS.

You can manage session between HTTP to HTTPS or HTTPS to HTTP:

  1. Transmit session ID between page using GET
  2. POST session ID by POST
  3. Use files to save sessions
  4. Use Cookies for sessions
  5. Use database to save session
Zaheer Ahmed
  • 28,160
  • 11
  • 74
  • 110