Jump to content
Larry Ullman's Book Forums

Recommended Posts

I'm developing my site with shared hosting ssl certificate.

As Larry describes in the book, I'm trying to use the session id from the http pages after I get to the https pages, and be able to go back and forth.

From home page I click login, I log in and my code tries to redirect to loggedin page. But between login and loggedin there is a new id generated. That is what I think is happening. So that causes my loggedin page to fail because test says user is not logged in. And this will also cause everything else to fail but this is the first thing I'm testing.


Here is the code I am using, at the start of each page:

(I pass $sid in the url)


// Start output buffering:


// Start the session:

// if the session is available from the url use that otherwise start a new session


if (isset($_GET['sid'])) {

$sid = $_GET['sid'];

if ($sid > 0) { // I set it zero when there is none

echo "

Share this post

Link to post
Share on other sites

Well, it seems that I can't pass the session id by GET but I can pass it by POST.

I thought I should be able to pass it by GET.

But in researching this a little on the net, maybe GET is not a very secure way to do it.

And I'm thinking of just making my entire site https for now. If high traffic later, it could be upgraded then.


Share this post

Link to post
Share on other sites

You should be able to pass it by GET. While GET is more obvious than POST, it's arguably not significantly less secure (i.e., it's foolish to think that POST is more secure). And, of course, the session ID is getting passed back and forth in cookies, so there's that, too. In short, any HTTP transactions are theoretically viewable, whereas HTTPS are not.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...