How can I set a cookie in PHP that is readable both in HTTP and HTTPS?
If this isn't possible, what can be done? Set two cookies?
+2
A:
Assuming your domain name remains the same except for the resource type, cookies in PHP (or any language) can be read from both HTTP and HTTPS.
i.e.:
http://www.example.com
https://www.example.com
In this example, the cookies will be readable from each other.
David Pfeffer
2010-02-23 20:13:59
you forgot to put the example
Paulocoghi
2010-02-23 20:18:43
The example is right there. I'm demonstrating that the same URL with just the resource identifier changed will still use the same cookies. Cookie domains are based on DNS name, and do not have awareness of protocol. To clarify, you do not need to do anything special at all to receive your desired effect. See the Cookie spec for more information: http://curl.haxx.se/rfc/cookie_spec.html
David Pfeffer
2010-02-23 20:37:58
+1
A:
By default, a cookie can be read by both http and https at the same URL.
However, a server can optionally specify the 'secure' flag while setting a cookie this tells the browser to only send it over a secure channel, such as an SSL connection.
In this case the cookie will only be sent over https. A cookie not marked as secure will be sent over both http and https.
Andrew Strong
2010-02-23 21:14:21