cakephp session lose when moving from ssl to non-ssl

When we enable ssl for login/purchase related requests. it usually lose session when moving from ssl to non-ssl which might lead to you lost login status.

Workaround is to disable the session transition in cake core.

Below workaround works for cake1.3.4:

Cake was switching the session.cookie_secure ini value on-the-fly while under SSL connections automatically, So the cookie being created was a secure cookie, which the second page wouldn't recognize.

Solution, comment out /cake/lib/cake_session.php line 420 ish:

ini_set('session.cookie_secure', 1);

你可能感兴趣的:(PHP,cakephp)