BillyBoJimBob
asked on
Session Variables Lost (IE only)
Hey y'all,
I can't maintain session variables in IE on an intranet site running Apache 2.0, PHP 5.
This intranet site is a dev site for a soon to be production site.
Mozilla, Opera, Firefox ALL work.
For security reasons, the session variables must be stored in a cookie.
The cookie never gets set.
Any ideas?
Bob.
I can't maintain session variables in IE on an intranet site running Apache 2.0, PHP 5.
This intranet site is a dev site for a soon to be production site.
Mozilla, Opera, Firefox ALL work.
For security reasons, the session variables must be stored in a cookie.
The cookie never gets set.
Any ideas?
Bob.
How do you set the cookie?
Best is to use a sniffer or proxy to see the HTTP header send to the browser
in mozilla, firefox you can install the LiveHTTPheader extension for that
Best is to use a sniffer or proxy to see the HTTP header send to the browser
in mozilla, firefox you can install the LiveHTTPheader extension for that
ASKER
caterham_www:
All cookies allowed in IE6. The cookie is just not getting created in IE, but does in Mozilla, Opera, and Firefox.
ahoffmann:
Cookies set in php using $_COOKIE
Sniffer used: IECookiesView (http://www.nirsoft.net/utils/iecookies.html).
IECookiesView verifies cookie is not getting created.
Bob.
All cookies allowed in IE6. The cookie is just not getting created in IE, but does in Mozilla, Opera, and Firefox.
ahoffmann:
Cookies set in php using $_COOKIE
Sniffer used: IECookiesView (http://www.nirsoft.net/utils/iecookies.html).
IECookiesView verifies cookie is not getting created.
Bob.
ASKER
Cookies are used to handle session.
Variable used: $_SESSION, not $_COOKIE.
IE http header sniffer used: ieHTTPHeaders (http://www.blunck.info/iehttpheaders.html).
Bob.
Variable used: $_SESSION, not $_COOKIE.
IE http header sniffer used: ieHTTPHeaders (http://www.blunck.info/iehttpheaders.html).
Bob.
ASKER
Here's the header information:
Mozilla:
POST /form/login.php HTTP/1.1
Host: csi_dev.csint.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Accept: text/xml,application/xml,a pplication /xhtml+xml ,text/html ;q=0.9,tex t/plain;q= 0.8,image/ png,*/*;q= 0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q =0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://csi_dev.csint.com/dealer/
Cookie: PHPSESSID=orvskt44jp9ec9ii phroh06rn0
Content-Type: application/x-www-form-url encoded
Content-Length: 81
login=1&target=%2Findex.ph p&username =myusernam e&password =mypasswor d
HTTP/1.x 302 Found
Date: Wed, 09 Mar 2005 17:19:03 GMT
Server: Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/5.0.3
X-Powered-By: PHP/5.0.3
Set-Cookie: PHPSESSID=orvskt44jp9ec9ii phroh06rn0 ; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://csi_dev.csint.com/index.php
P3P: CP="NON ADMa OUR NOR UNI"
Content-Length: 0
Keep-Alive: timeout=15, max=77
Connection: Keep-Alive
Content-Type: text/html
-------------------------- ---------- ---------- ---------- --
https://csi_dev.csint.com/dealer/index.php
GET /dealer/index.php HTTP/1.1
Host: csi_dev.csint.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Accept: text/xml,application/xml,a pplication /xhtml+xml ,text/html ;q=0.9,tex t/plain;q= 0.8,image/ png,*/*;q= 0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q =0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://csi_dev.csint.com/
Cookie: PHPSESSID=orvskt44jp9ec9ii phroh06rn0
-------------------------- ---------- ---------- ---------- --
IE Header:
POST /form/login.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-fl ash, */*
Referer: https://csi_dev.csint.com/dealer/
Accept-Language: en-us
Content-Type: application/x-www-form-url encoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: csi_dev.csint.com
Content-Length: 81
Connection: Keep-Alive
Cache-Control: no-cache
login=1&target=%2Findex.ph p&username =myusernam e&password =mypasswor d
HTTP/1.1 302 Found
Date: Wed, 09 Mar 2005 17:08:03 GMT
Server: Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/5.0.3
X-Powered-By: PHP/5.0.3
Set-Cookie: PHPSESSID=evsdb57s7ljdaq3b p6ndb3kkg1 ; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://csi_dev.csint.com/index.php
P3P: CP="NON ADMa OUR NOR UNI"
Content-Length: 0
Connection: close
Content-Type: text/html
GET /dealer/index.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-fl ash, */*
Referer: https://csi_dev.csint.com/dealer/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: csi_dev.csint.com
Connection: Keep-Alive
Cache-Control: no-cache
Why doesn't IE keep the cookie that was set?
Bob.
Mozilla:
POST /form/login.php HTTP/1.1
Host: csi_dev.csint.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Accept: text/xml,application/xml,a
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q
Keep-Alive: 300
Connection: keep-alive
Referer: https://csi_dev.csint.com/dealer/
Cookie: PHPSESSID=orvskt44jp9ec9ii
Content-Type: application/x-www-form-url
Content-Length: 81
login=1&target=%2Findex.ph
HTTP/1.x 302 Found
Date: Wed, 09 Mar 2005 17:19:03 GMT
Server: Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/5.0.3
X-Powered-By: PHP/5.0.3
Set-Cookie: PHPSESSID=orvskt44jp9ec9ii
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://csi_dev.csint.com/index.php
P3P: CP="NON ADMa OUR NOR UNI"
Content-Length: 0
Keep-Alive: timeout=15, max=77
Connection: Keep-Alive
Content-Type: text/html
--------------------------
https://csi_dev.csint.com/dealer/index.php
GET /dealer/index.php HTTP/1.1
Host: csi_dev.csint.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Accept: text/xml,application/xml,a
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q
Keep-Alive: 300
Connection: keep-alive
Referer: https://csi_dev.csint.com/
Cookie: PHPSESSID=orvskt44jp9ec9ii
--------------------------
IE Header:
POST /form/login.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-fl
Referer: https://csi_dev.csint.com/dealer/
Accept-Language: en-us
Content-Type: application/x-www-form-url
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: csi_dev.csint.com
Content-Length: 81
Connection: Keep-Alive
Cache-Control: no-cache
login=1&target=%2Findex.ph
HTTP/1.1 302 Found
Date: Wed, 09 Mar 2005 17:08:03 GMT
Server: Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/5.0.3
X-Powered-By: PHP/5.0.3
Set-Cookie: PHPSESSID=evsdb57s7ljdaq3b
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://csi_dev.csint.com/index.php
P3P: CP="NON ADMa OUR NOR UNI"
Content-Length: 0
Connection: close
Content-Type: text/html
GET /dealer/index.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-fl
Referer: https://csi_dev.csint.com/dealer/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: csi_dev.csint.com
Connection: Keep-Alive
Cache-Control: no-cache
Why doesn't IE keep the cookie that was set?
Bob.
LOL
> Set-Cookie: PHPSESSID=evsdb57s7ljdaq3b p6ndb3kkg1 ; path=/
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
why should IE use that cookie? it expired 20 years ago ;-)
You may consider this a bug in mozilla
Also: your "Expire: " apears as a separate line in the header, if this is the truth the bug is in IE not mozilla (where mozilla silentliy ignores the unknown Expire header)
Please veryfy if the Expire is in the same line (no newline and/or carriage return) as the Set-Cookie.
> Set-Cookie: PHPSESSID=evsdb57s7ljdaq3b
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
why should IE use that cookie? it expired 20 years ago ;-)
You may consider this a bug in mozilla
Also: your "Expire: " apears as a separate line in the header, if this is the truth the bug is in IE not mozilla (where mozilla silentliy ignores the unknown Expire header)
Please veryfy if the Expire is in the same line (no newline and/or carriage return) as the Set-Cookie.
ASKER
I'm not controlling the header, that's what PHP sends to establish a cookie that is destroyed when the browser is closed.
The session closes when the browser does.
I have the same setup on another server, and the expire line is identical and it WORKS with IE.
{:> (hair falling out)
Bob.
The session closes when the browser does.
I have the same setup on another server, and the expire line is identical and it WORKS with IE.
{:> (hair falling out)
Bob.
ASKER
This appears to be more a PHP problem than an apache server problem.
Bob.
Bob.
I'd use a sniffer and check the traffic, it's realy important how the header looks like, IE is a bit picky here ..
ASKER
>> I'd use a sniffer and check the traffic
httpheadersniffer,cookiesn iffer,pack etsniffer?
Bob.
httpheadersniffer,cookiesn
Bob.
tcpdump, ethereal .. could be on client or server side (assuming that routers don't change anything)
ASKER
What am I looking for?
only the HTTP-header, in particular the Set-Cookie: line in the response
damn, my comment in http:#13498620 is wrong, sorry
the HTTP header is ok, the Expire is the expire header for the page itself
same problem in PHP TA, see also: http:/Q_21345910.html
the HTTP header is ok, the Expire is the expire header for the page itself
same problem in PHP TA, see also: http:/Q_21345910.html
> All cookies allowed in IE6. The cookie is just not getting created in IE, but does in Mozilla, Opera, and Firefox.
Did you also try
> clicking on the button "Advanced" below and add your domain.
?
try to add/allow your domain there. I don't think that this would work, but have a try on it...
see also http:Q_21347545.html
Did you also try
> clicking on the button "Advanced" below and add your domain.
?
try to add/allow your domain there. I don't think that this would work, but have a try on it...
see also http:Q_21347545.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Armeen,
That did it.
I can't believe it was such an "easy" fix.
Thanks,
Bob.
That did it.
I can't believe it was such an "easy" fix.
Thanks,
Bob.
cool, it's annoying, I know microsoft have a kb article but when the security patch first made the change a serious amount of people were affected by this and they didn't really make a big deal of telling people.
did you already check the security and privacy settings in IE? For IE 6 go to Extras --> internet options and click on the tab 'Privacy'. The value should be set to "medium" or "low". Or allow cookies for your domain by clicking on the button "Advanced" below and add your domain.
For IE 5 check Extras --> internet options -> security -- Enable Cookies
Robert