bshirey44 Posted August 1, 2013

Hello Everyone, I am suddenly experiencing an issue with the billing.php script. Once the checkout form is validated it redirects to billing.php. The problem seems to be that once billing.php starts the session, it is getting a different session_id and then gets out at the top and ends up at the empty cart screen because it has lost the previous session values, thus preventing the checkout process from completing. I am stumped as to how this is happening. Here is the code from the top of billing.php where it gets out:

    // Require the configuration before any PHP code:
    require ('./includes/config.inc.php');

    // Start the session:
    session_start();

    // The session ID is the user's cart ID:
    $uid = session_id();

    // Check that this is valid:
    if (!isset($_SESSION['customer_id'])) {
        // Redirect the user.
        $location = 'https://' . BASE_URL . 'checkout.php';
        header("Location: $location");
        exit();
    }

It is not finding the $_SESSION['customer_id'] which is being set correctly in checkout.php but is being wiped out somehow. Any help is much appreciated. Thanks.

bshirey44 Posted August 1, 2013

It seems to have something to do with the post variables getting wiped out once the https request is made. Could this be because my SSL certificate is bad?

bshirey44 Posted August 1, 2013

OK, so I've gotten it to work by passing the session id to the https billing.php page through the URL and retrieving it via GET. But is this a security risk?

abigail Posted August 2, 2013

Put everything that accesses your database under SSL. So SSL-secure pages are entirely separate from non-secure pages. To pass between them, pass your Product Id or something harmless like that.

bshirey44 Posted August 2, 2013

I think I found the correct solution. I added the following line to the config in the includes so that it gets used by all pages, both http and https.

    session_set_cookie_params(0, '/', '.yourdomain', true, false);

Now the session is properly getting passed to and from all pages.

Larry Posted August 2, 2013

That's a fine solution. I thought I had the session cookie being passed in the URL to the HTTPS pages in the book, however. I could be wrong.

bshirey44 Posted August 5, 2013

Also I wanted to add that it makes sense to add a 301 redirect in your htaccess file to the full URL www.domain.com. That way if someone would type in domain.com or http://domain.com they end up at the full www URL. I found that this also fixed an issue I was having with the cookie session being properly maintained as the site is navigated.

Larry Posted August 5, 2013

That's a good idea and thanks for suggesting it. Kind of depends upon how you run your site, though. You may want to redirect from www.domain.com to domain.com. More and more sites are dropping the www. subdomain these days.

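As an added example (not code from the thread or from the book it discusses), here is a session bootstrap that combines the two fixes above, the `session_set_cookie_params()` call and the canonical-host redirect, for a site where every page is served over HTTPS, so the cookie never has to cross between http and https and the session ID never has to travel in the URL. `CANONICAL_HOST`, `www.example.com` and the three function names are hypothetical; `customer_id` is the session key from the first post.

```php
<?php
// Added example. Assumptions: PHP 7.1+, TLS terminates on this server on
// port 443, and www.example.com stands in for the site's one canonical host.
const CANONICAL_HOST = 'www.example.com';

function enforce_canonical_https(): void
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $host  = strtolower($_SERVER['HTTP_HOST'] ?? '');
    if ($https && $host === CANONICAL_HOST) {
        return;
    }
    // Build the target from the constant, never from the request's Host
    // header, and force the path to be relative to the canonical host.
    $path = '/' . ltrim($_SERVER['REQUEST_URI'] ?? '', '/');
    header('Location: https://' . CANONICAL_HOST . $path, true, 301);
    exit();
}

function start_secure_session(): void
{
    // Accept session IDs from the cookie only, never from the URL, where
    // they leak into history, server logs and Referer headers.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that this server did not generate.
    ini_set('session.use_strict_mode', '1');
    // lifetime 0 = until the browser closes; '' = host-only cookie;
    // secure = sent over HTTPS only; httponly = not readable by script.
    session_set_cookie_params(0, '/', '', true, true);
    session_start();
}

function mark_customer(int $customerId): void
{
    // Issue a fresh ID when the session gains checkout state, so an ID
    // known before this point stops working (session fixation defence).
    session_regenerate_id(true);
    $_SESSION['customer_id'] = $customerId;
}

// At the top of the shared config file, before any output:
enforce_canonical_https();
start_secure_session();
```

`mark_customer()` would be called in checkout.php at the point where `$_SESSION['customer_id']` is set.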