pass session variable through SSL

Results 1 to 2 of 2

Thread: pass session variable through SSL

  1. #1
    Join Date
    Dec 1969

    Default pass session variable through SSL

    I have a site where a user logs in (not secured through SSL), and their login info is stored in session variables. However, the user has to go through a SSL page to purchase stuff with their credit card. <BR><BR>Is there anyway to pass the session variables to the SSL page without using URL variables? i would rather not pass the username and password through a URL variable, that seems kind of "lame". Is there a way that the secured pages can read the session variable that was created in the non-secured pages? <BR><BR>thanks!

  2. #2
    Join Date
    Dec 1969

    Default one way

    Use cookies directly rather than relying on the session variable. Write a cookie and be sure to specify the domain to be just "" instead of the default "", and then you can write the cookie on "" and read it on "". If you have heavy traffic on your site this will dramatically reduce your server load as well. As long as both sites can talk to a common database where you can look up whatever you need from the login values stored in the cookies you&#039;re set.<BR><BR>One of the consequences of the web&#039;s innately &#039;stateless&#039; state. If you have two separate boxes and they need to convey information then it either has to be sent in query string or form variables, or you have to make the client carry the information for you. IE in particular is weird about form information going between secure and non-secure boxes, so best to put it in the cookie. If you find it easier to use URL variables, you can encode the info, simple base 64 encoding will render it human unreadable.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts