ssl prob - cookie set, but session isn't resumed

[MaritimeSource]

Hi,

 

I just moved servers, and now I see that ssl isn't working. All I did was change the server name in the configure.php, like so:

 

define('HTTP_SERVER', 'http://textools.org'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://secure.maritimesource.ca/~textools'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'textools.org');

define('HTTPS_COOKIE_DOMAIN', 'secure.maritimesource.ca');

define('HTTP_COOKIE_PATH', '/store/');

define('HTTPS_COOKIE_PATH', '/~textools/store/');

define('DIR_WS_HTTP_CATALOG', '/store/');

define('DIR_WS_HTTPS_CATALOG', '/store/');

 

When I login without ssl enabled, it works. With ssl enabled, it just acts like nothing happens. I output the session and cookie arrays after they are setup in login.php, but after login.php redirects to another page the session isn't resumed so those settings that were initialized in login are lost.

 

Please help.

 

Url: https://secure.maritimesource.ca/~textools/store/login.php

 

p.s. As I just changed dns on the domain, the above might not work for you yet.

[Guest]

change this

 

define('HTTPS_SERVER', 'https://secure.maritimesource.ca/~textools');

 

to

 

define('HTTPS_SERVER', 'https://secure.maritimesource.ca');

 

and then set all paths accordingly. You do not place paths in the domains/servers definitions

[MaritimeSource]

Thanks for the reply. Here's what I have now:

 

define('HTTP_SERVER', 'http://textools.org');

define('HTTPS_SERVER', 'https://secure.maritimesource.ca');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'textools.org');

define('HTTPS_COOKIE_DOMAIN', 'secure.maritimesource.ca');

define('HTTP_COOKIE_PATH', '/store/');

define('HTTPS_COOKIE_PATH', '/~textools/store/');

define('DIR_WS_HTTP_CATALOG', '/store/');

define('DIR_WS_HTTPS_CATALOG', '/~textools/store/');

 

But I still cannot login. I looked at the cookie being stored, and this is it:

Name osCsid

Value c06aec9d8e63eff8cc2ea90f2d767c17

Host secure.maritimesource.ca

Path /~textools/store/

Secure No (hrm... maybe this is it???)

 

btw: I had to modify tep_redirect to work in this shared ssl environment:

IT Was:

$url = substr($url, strlen(HTTP_SERVER));

$url = HTTPS_SERVER . $url;

 

Now:

$buf = substr($url, strlen(HTTP_SERVER));

$buf = substr($buf, strlen(DIR_WS_HTTP_CATALOG));

$url = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . $buf;

[Guest]

are you certain the secure path is /~textools/store/ ??

 

Remember this is osc path within the store not an ftp path. You can try it simply as /store/

[MaritimeSource]

are you certain the secure path is /~textools/store/ ??

 

Remember this is osc path within the store not an ftp path. You can try it simply as /store/

 

 

I am using a shared ssl... so the ~textools is the name of the account and that needs to be on the url in order to determine what account it is for. See here:

https://secure.maritimesource.ca/~textools/store/build2.php

 

Is the path related to the URL and not the FTP? If so, then I believe it's right...

[Guest]

then seem like the secure links are not there. When I click a secure link at the to it stays on the non-ssl page. And the session changes with every click. It should stay the same. Are you using the tep_href_link function to generate the links?

 

And the drop-down lists of the design centre do not generate sessions.

[MaritimeSource]

Basically I just moved this site from one host to another. It worked fine on the other host with the their shared ssl, and now it doesn't work on the new host.

 

Any more ideas?

[MaritimeSource]

It must've been a php version thing, because I fixed it by setting Admin->sessions->recreate session to false