Manually start session with specific id / transitioning session cookie between domains

Posted by deceze on Stack Overflow See other posts from Stack Overflow or by deceze
Published on 2010-05-25T02:38:35Z Indexed on 2010/05/25 2:41 UTC
Read the original article Hit count: 354

Filed under:
|
|

My host requires me to use a different domain for SSL secured access (shared SSL), so I need to transition the user session between two domains. One part of the page lives at http://example.com, while the SSL'd part is at https://example.hosting.com. As such I can't set a domain-spanning cookie.

What I'm trying to do is to transition the session id over and re-set the cookie like this:

  • http://example.com/normal/page, user clicks link to secure area and goes to:
  • http://example.com/secure/page, which causes a redirect to:
  • https://example.hosting.com/secure/page?sess=ikub..., which resurrects the session and sets a new cookie valid for the domain, then redirects to:
  • https://example.hosting.com/secure/page

This works up to the point where the session should be resurrected. I'm doing:

function beforeFilter() {
    ...
    $this->Session->id($_GET['sess']);
    $this->Session->activate();
    ...
}

As far as I can tell this should start the session with the given ID. It actually generates a new session ID though and this session is empty, the data is not restored.

This is on CakePHP 1.2.4. Do I need to do something else, or is there a better way to do what I'm trying to do?

© Stack Overflow or respective owner

Related posts about session

Related posts about cakephp