Silverstripe Version:
3.5.2
Question:
Does anyone know why Session lost when it redirect from Payment page to our Silverstribe if our SilverStribe page using SSL? (Member::currentMember lost)
I notice that without SSL, Session is not lost.
I have configured my .htaccess as below:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]Have a look at the ‘Transport Layer Security’ section of this page:
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
Ideally you want to keep entirely in the secure protocol for all operations from start-to-finish.
Hi @Tim
Thanks for your point. My website now totally in secure, i have applied SSL for website (by configure redirect rule on .htaccess), all redirect in my site now in secure, and session doesn’t lost internally.
The problem only happen when redirect from Payment page after payment complete (for example Paypal) to my page.