sslserver on different domain, same IP: how to handle session cookie?
The documentation says:
sslserver: use an alternate server name for SSL URLs, like
'secure.example.org'. You should be careful to set cookie
parameters correctly so that both the SSL server and the
"normal" server can access the session cookie and
preferably other cookies as well.
Is it possible for me to have my sslserver on a completely different domain than my regular server (but the same IP address), yet share the session cookie?
sslserver: use an alternate server name for SSL URLs, like
'secure.example.org'. You should be careful to set cookie
parameters correctly so that both the SSL server and the
"normal" server can access the session cookie and
preferably other cookies as well.
Is it possible for me to have my sslserver on a completely different domain than my regular server (but the same IP address), yet share the session cookie?
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Comments
$config['site']['server'] = 'www.malcolm.id.au';
$config['site']['path'] = 'mublog';
$config['site']['fancy'] = true;
$config['site']['ssl'] = 'sometimes';
$config['site']['sslserver'] = 'mail.malcolm.id.au';
$config['sessions']['handle'] = true;
session_set_cookie_params(0, '/'. $config['site']['path'] .'/', '.malcolm.id.au');
So I should, I'd have thought, be able to log in at https://mail.malcolm.id.au/mublog and get returned to http://www.malcolm.id.au/mublog, but it doesn't work although the cookie that gets set seems right:
Name: PHPSESSID
Content: [deleted]
Domain: .malcolm.id.au
Path: /mublog/
Send For: Any type of connection
Expires: At end of session
However I also have a cookie named StatusNetInstance which is set just for mail.malcolm.id.au, could that be the problem?
In my log I get this error: "Session cookie [deleted] is set but started value is null".
I have StatusNet 0.9.9 and PHP 5.3.