Certain hosting providers (like HostGator) provide shared SSL certificates for accounts. What this means is that my HTTPS link is a different domain from my HTTP.
ie: the urls are something like http://www.mydomain.com and https://secure123.hostgator.com/~bill/
I'm trying to log the user in on the secure domain, set session variables and then redirect to the home page. However, when doing this, the session variables are lost.
Insecure Index.php:
<?php session_start();
echo $_SESSION['name'];
?>
<html><body>
<p><a href="https://secure123.hostgator.com/~bill/login.php">Login</a></p>
</body></html>
Secure Login.php:
<?php session_start();
$_SESSION['name'] = "Bill";
header("location: http://www.mydomain.com/index.php")
?>
How can I ensure the session variables are able to be read by all files on both http and https?
You can provide your session id via GET.
header("location: http://www.mydomain.com/index.php?PHPSESSID=".session_id());
On another side you can turnon session.use_trans_sid
Or set session id with function session_id()