Passing Session between http and https

Ive placed this on another thread here: http://forum.opencart.com/viewtopic.php?f=31&t=4410 but thought it should really be a new topic:

Well Ive been trying to get this to work for over an hour now and am admitting defeat and asking for help.

OK so I am on a shared host but have a dedicated IP and SSL. So i have a root domain (with SSL) and subdomains (sharing root domains SSL).

So i need to pass the session data from http://www.myshop.com to https://rootdomain.com/myshop/

I have in the root domain php.ini and I have in the myshop php.ini

This isnt working so presume it isnt right, Ive also tried in the myshop php.ini

Can anyone help me? >:(

I made some progress with this on CrC using these as a guide.

http://techtinkering.com/articles/?id=2
http://www.webdeveloper.com/forum/showt ... hp?t=87633

OK Ive had a look at the links you provided, where does the session get started in opencart i.e. which file contains: session_start();

Thanks again

Think I found it system/startup.php

Im totally stumped on this one? Anybody got any ideas? Daniel?

All it can say is look at the session class and look at the documentation on the php.net site about the session handler.

OK Ive found the session class and will have a bash at it but bet I break it!

I wee update on this incase anybody is trying the same thing, so far Ive tried setting the domain manually;
turned into
this didnt work, I then tried to use 'GET' cookie params which also made no difference.

Hopefully someone brighter than me solves this as its quite a key issue for many with shared SSL.

Did you ever solve the issue ?

Hi,

No I didnt really. Well I used to be hosted with Bluehost who were most unhelpful. Because I got pissed of with them I started my own hosting company so no longer have the issue.

Plus if you use Worldpay or the basic level of integration with Sagepay you dont need to use the HTTPS as the payment gateways have all the security you need to protect customers card details.

Sorry I couldnt offer more help on this. My advise is if you are having similar problems to source a host that can solve the problem or get yourself a dedicated server if you are flush!

Look passing from

http://www.yourstore.com

to

https://www.yourstore.com

works fine!

Its when you share an SSL certifcate on a sub domain it will not work!

Such as;

https://secure.yourstore.com


How do you expect a cookie to pass between 2 domain names? its a big security risk!

ZenCart, OSC, and all others do it. It's not really a risk as shared ssl is quite popular. We'll figure it out eventually.