[thelist] web site check (again)

VOLKAN ÖZÇELİK volkan.ozcelik at gmail.com
Mon Jun 13 09:32:11 CDT 2005


> I had problems with session handling in PHP. When browsing the site, it
> uses http, but when you checkout, it transfers to https, and the session
> is lost, losing the basket contents! I think this may be because the ssl
> certificate was registered for https://onlinekitchenware.co.uk, and not
> https://www.onlinekitchenware.co.uk

I've not tested it but it seems to be a cross-domain restriction.
I am not sure whether an http url can share session info with an https url. 

But imho, it should be unrelated to where your certificate was
registered at. I have an SSL certificate requested by me, and issued
by me again (that is, I trust myself :) ) and I use https happily with
it.

However when I first log in, a message box is displayed that the site
has not been verified by an authority, am I sure to proceed etc.
imho, the "registered for" part enables the client to trust your site,
so that the alert will not pop up when you connect to the site,
nothing else.

We use ssl on the entire process (after a hacker attack on our system;
you may have seen a recent thread on hacking and security and my
sleepless nights)

> I am loath to change it now, as many of the links are hard coded
> absolute links.

If there's no option a project-wide search and replace will take less
than half a day, I suppose. But I would loathe, if I were you as well.

HTH,
Volkan.
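
Added example, not part of the original message: a simplified model of how browsers scope cookies under RFC 6265, applied to the two host names in this thread to show whether the scheme change or the host-name change stops a session cookie from being sent. `PHPSESSID` is PHP's default session cookie name; the cookie value and the helper functions are constructed for illustration.

```javascript
// Simplified model of browser cookie scoping (RFC 6265): no Path, expiry,
// IP-address or public-suffix handling. Sample cookie values are constructed.

// True when `host` equals `domain` or is a subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Build the stored cookie from a Set-Cookie header received from `requestHost`.
// Without a Domain attribute the cookie is host-only.
function storeCookie(setCookie, requestHost) {
  const host = requestHost.toLowerCase();
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: host, hostOnly: true, secure: false };
  for (const attr of attrs) {
    const [rawKey, rawValue = ""] = attr.split("=");
    const key = rawKey.trim().toLowerCase();
    const value = rawValue.trim().toLowerCase().replace(/^\./, "");
    if (key === "secure") cookie.secure = true;
    if (key === "domain" && value) {
      if (!domainMatch(host, value)) return null; // foreign Domain is rejected
      cookie.domain = value;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would the browser attach `cookie` to a request for `url`?
function isSent(cookie, url) {
  const { protocol, hostname } = new URL(url);
  if (cookie.secure && protocol !== "https:") return false; // Secure: https only
  return cookie.hostOnly
    ? hostname === cookie.domain
    : domainMatch(hostname, cookie.domain);
}

const WWW = "www.onlinekitchenware.co.uk";
// Session cookie as set while browsing http://www... with no Domain attribute.
const hostOnly = storeCookie("PHPSESSID=constructed123; path=/", WWW);
// Same cookie with an explicit Domain covering the bare host and www.
const shared = storeCookie(
  "PHPSESSID=constructed123; path=/; domain=onlinekitchenware.co.uk", WWW);

console.log(isSent(hostOnly, "https://www.onlinekitchenware.co.uk/")); // true
console.log(isSent(hostOnly, "https://onlinekitchenware.co.uk/"));     // false
console.log(isSent(shared, "https://onlinekitchenware.co.uk/"));       // true
```

In PHP the Domain attribute of the session cookie is controlled by `session.cookie_domain` or `session_set_cookie_params()`.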

