问题
I have a site (built on LAMP (cakephp) and has ssl certificate installed) which has a secure payment page. After filling up necessary information user proceeds to a payment gateway page. After all the process at the gateway end, gateway redirects to one of my URL, which I have to mention with a payment request. Now when I keep this url as http redirect happens properly and all the sessions are maintained. But I want to make this page as https, and when the payment gateway redirects to the https version of the URL, my session information dies and I get redirected to my home page.
eg: my payment page https://www.mysite.com/payment
from here user goes to the payment gateway site, does necessary things and payment gateway redirects it to
http://www.mysite.com/paymentResponse (this url i have to mention in the request)
now i have to make this as HTTPS, but when I do that my session info dies
Plz help me
Thanks, Dinesh
回答1:
I don't know why it supposedly works for plain HTTP requests, but the problem may be related to Configure::write('Security.level') being set to medium or high, which activates PHP's session.referer_check, which may be the reason sessions are dying for you when being redirected from external sites.
来源:https://stackoverflow.com/questions/4989946/https-to-https-redirect-session-issue