gistfile1.php

<?php

function h($str)
{
  return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

$cookie_params = session_get_cookie_params();

if (isset($_SERVER['HTTPS']) && 'on' === $_SERVER['HTTPS'])
{
  $is_ssl = true;

  session_name('_secure');
  session_id('secure-session-id');
}
else
{
  $is_ssl = false;

  session_set_cookie_params($cookie_params['lifetime'], $cookie_params['path'], $cookie_params['domain'], true);
  session_name('_normal');
}
session_start();

$host = $_SERVER['HTTP_HOST'];
if ($_pos = strpos($host, ':'))
{
  $host = substr($host, 0, $_pos);
}

if (isset($_GET['mode']))
{
  $mode = $_GET['mode'];
  if ('login' === $mode)
  {
    $_SESSION['message'] = 'HTTPS 用セッションID使用';
    session_write_close();

    session_name('_normal');
    session_start();

    session_id('normal-session-id');

    session_set_cookie_params($cookie_params['lifetime'], $cookie_params['path'], $cookie_params['domain'], false);

    $_SESSION['message'] = 'HTTP 用セッションID使用';

    session_write_close();
  }
  elseif ('logout' === $mode)
  {
    session_destroy();
  }

  echo '<a href="./cookie">Jump</a>';
  exit;
}

$message = 'セッションIDなし';
if (isset($_SESSION['message']))
{
  $message = $_SESSION['message'];
}

?>
<p><?php echo h($message) ?></p>

<ul>
<li><a href="https://<?php echo h($host) ?>/cookie.php?mode=login">login</a></li>
<li><a href="http://<?php echo h($host) ?>/cookie.php">HTTP</a></li>
<li><a href="https://<?php echo h($host) ?>/cookie.php">HTTPS</a></li>
</ul>