0

I made a website that has an integrated shopping cart. Of course, I use a lot of session variables to do this. When I uploaded the site to inmotion hosting and made it an SSL connection, my session variables stopped transferring over? I have no idea why. I think part of it is because the sites are originally HTTP, then they are being forced to change to https, thus losing the session?

Any help would be amazing!

Ok I have tried changing the cookie domain and the cookie secure in the php.ini files but neither has helped. Please help!

Henry Gilbert
  • 11
  • 3
  • Could you be more specific about what you're doing here? Are you using a single domain or multiple? One server or two? Storing your sessions using PHP's default session management or storing session tokens in a database? Knowing these kinds of details will be important in narrowing down the cause. For example, if your shopping cart is hosted on a completely separate server from your website, then the problem is that PHP stores sessions on the server it's running on as individual files, so your shopping cart wouldn't have access to the website server's session files. – B. Fleming Jun 18 '19 at 19:01
  • Sorry for the lack of information! Everything is under one server, but multiple different domains. I am using the default session_start and $_SESSION. – Henry Gilbert Jun 18 '19 at 19:03
  • There are a couple of possibilities that come to mind, then: either your `php.ini` file is setting the "secure" setting for cookies to true and you're not explicitly changing this setting in your code, in which case cookies will not be sent over HTTP, or you haven't specified the cookie domain, which would prevent the cookie from being shared across subdomains. Check out `session_set_cookie_params()` and `ini_set()` for setting these values at runtime. – B. Fleming Jun 18 '19 at 19:18
  • Thank you! How do I check those? – Henry Gilbert Jun 18 '19 at 19:20
  • Im sorry for all the small questions, as you can see I am new to PHP and coding as a whole – Henry Gilbert Jun 18 '19 at 19:21
  • Possible duplicate of [Session lost when switching from HTTP to HTTPS in PHP](https://stackoverflow.com/questions/441496/session-lost-when-switching-from-http-to-https-in-php) – zod Jun 18 '19 at 19:23
  • There is PHP documentation online. Use a search engine of your choice and look up "php session_get_cookie_params" and "php ini_set" to view the PHP documentation for these functions. – B. Fleming Jun 18 '19 at 19:24
  • Update, so I found how to do that, and I changed session.cookie_secure to false, but it is still the same? – Henry Gilbert Jun 18 '19 at 19:47

1 Answers1

0

Cookies have a secure flag on them which means that they can't be used on http sites. At HTTP connection, when you session_start(), PHP creates a new session id, which replaces the previous session id.

I believe you can unset that with session.cookie_secure = 1 in php.ini

  • where is php.ini? If I uploaded just a folder of php files how do I access it? Sorry I know it's a dumb question. – Henry Gilbert Jun 18 '19 at 19:06
  • I am hosting them through inmotion. I found a htaccses file which some form said was the equivalent, but when I added php_value session.cookie_secure=1;, it gives me a 500 error – Henry Gilbert Jun 18 '19 at 19:17
  • nah, htacess isnt the right file. I've never used inmotion but try to find if they allow modification of the php.ini file –  Jun 18 '19 at 19:58
  • yes I found the file and made the modifcations, but no change – Henry Gilbert Jun 18 '19 at 20:12
  • Don't add an extra line, instead find the line with the flag and change it to `0` –  Jun 19 '19 at 13:19