Home/ Questions/Q 806755
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T00:17:44+00:00

My host requires me to use a different domain for SSL secured access (shared

  • 0

My host requires me to use a different domain for SSL secured access (shared SSL), so I need to transition the user session between two domains. One part of the page lives at http://example.com, while the SSL’d part is at https://example.hosting.com. As such I can’t set a domain-spanning cookie.

What I’m trying to do is to transition the session id over and re-set the cookie like this:

  • http://example.com/normal/page, user clicks link to secure area and goes to:
  • http://example.com/secure/page, which causes a redirect to:
  • https://example.hosting.com/secure/page?sess=ikub..., which resurrects the session and sets a new cookie valid for the domain, then redirects to:
  • https://example.hosting.com/secure/page

This works up to the point where the session should be resurrected. I’m doing:

function beforeFilter() {
    ...
    $this->Session->id($_GET['sess']);
    $this->Session->activate();
    ...
}

As far as I can tell this should start the session with the given ID. It actually generates a new session ID though and this session is empty, the data is not restored.

This is on CakePHP 1.2.4. Do I need to do something else, or is there a better way to do what I’m trying to do?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When Configure::write('Security.level') is set to medium or higher, session.referer_check is implicitly activated, which makes the whole thing fail. Setting the security level to low (or using a custom session configuration) makes everything work as it should.

    There went about 5 hours of debugging… ( -_-;;)

    • 0