PDA

View Full Version : sessions between http and https


m1a2x3x7
08-14-2007, 07:26 PM
A friend of mine has created a shopping cart and is using a SSL to take the order information but when the user access that order from page they lose everything in the cart since the sessions wont carry over to the SSL page.

here is the cart page


<?php
include ('book_sc_fns.php');
// The shopping cart needs sessions, so start one
session_start();

@ $new = $_GET['new'];

if($new)
{
//new item selected
if(!isset($_SESSION['cart']))
{
$_SESSION['cart'] = array();
$_SESSION['items'] = 0;
$_SESSION['total_price'] ='0.00';
}

if(isset($_SESSION['cart'][$new]))
$_SESSION['cart'][$new]++;
else
$_SESSION['cart'][$new] = 1;

$_SESSION['total_price'] = calculate_price($_SESSION['cart']);
$_SESSION['items'] = calculate_items($_SESSION['cart']);
}

if(isset($_POST['save']))
{
foreach ($_SESSION['cart'] as $isbn => $qty)
{
if($_POST[$isbn]=='0')
unset($_SESSION['cart'][$isbn]);
else
$_SESSION['cart'][$isbn] = $_POST[$isbn];
}
$_SESSION['total_price'] = calculate_price($_SESSION['cart']);
$_SESSION['items'] = calculate_items($_SESSION['cart']);
}

do_html_header('Your shopping cart');
echo "<center><img src=\"images/checkout1.gif\" alt=checkout /></center>";

if($_SESSION['cart']&&array_count_values($_SESSION['cart']))
display_cart($_SESSION['cart']);
else
{
echo '<p>There are no items in your cart</p>';
echo '<hr />';
}
$target = 'index.php';

// if we have just added an item to the cart, continue shopping in that category
if($new)
{
$details = get_book_details($new);
if($details['catid'])
$target = 'show_cat.php?catid='.$details['catid'];
}
display_button($target, 'continue-shopping', 'Continue Shopping');

display_button('https://www.myhostsite.com/folder/myfolder/checkout.php', 'go-to-checkout', 'Go To Checkout');
echo "<img src=\"images/checkout_credit_cards.gif\" alt=checkout />";


do_html_footer();
?>


here is the check out page


<?php
//include our function set
include ('book_sc_fns.php');

// The shopping cart needs sessions, so start one
session_start();
do_html_header('Checkout');
echo "<center><img src=\"http://mysite.com/images/checkout2.gif\" alt=checkout /></center>";
?>
<style type="text/css">
<!--
.style12 {font-family: Georgia, "Times New Roman", Times, serif; font-weight: bold; }
-->
</style>
<!--<table border="1" align="center" bgcolor="#FFFFFF">
<tr>
<td><p align="center" class="style12">Shipping is available only in the 48 contiguous United States. </p></td>
</tr>
</table>!-->
<div align="center"></div>
<div align="center"><?php
if($_SESSION['cart']&&array_count_values($_SESSION['cart']))
{
display_cart($_SESSION['cart'], false, 0);
display_checkout_form();
}
else
echo '<p>There are no items in your cart</p>';

display_button('http://mysite.com/show_cart.php', 'continue-shopping', 'Continue Shopping');

do_html_footer();

?>
</div>
<?php
echo "<img src=\"http://mysite.com/images/checkout_credit_cards.gif\" alt=checkout />";
?>


I have never worked with SSL so I'm not sure whats wrong.

Thanks

davidj
08-14-2007, 07:54 PM
you cant share sessions across different domains and http - https make them different

why not drop the order details in the db before switching to https

you can get the last db_id and append it to the checkout link then perform a $_GET['db_id'] to catch the id in the https page. Then use the id to query the db and retrieve the order details

m1a2x3x7
08-15-2007, 01:06 AM
thanks man I'll tell him