Solved

Session Variables Lost (IE only)

Posted on 2005-03-08
Last Modified: 2008-02-01
Hey y'all,

I can't maintain session variables in IE on an intranet site running Apache 2.0, PHP 5.
This intranet site is a dev site for a soon to be production site.
Mozilla, Opera, Firefox ALL work.
For security reasons, the session variables must be stored in a cookie.  
The cookie never gets set.

Any ideas?

Bob.
Question by:BillyBoJimBob
18 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 13492182
Hi,
did you already check the security and privacy settings in IE? For IE 6 go to Extras --> internet options  and click on the tab 'Privacy'. The value should be set to "medium" or "low". Or allow cookies for your domain by clicking on the button "Advanced" below and add your domain.

For IE 5 check Extras -->  internet options -> security -- Enable Cookies

Robert
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13493562
How do you set the cookie?
Best is to use a sniffer or proxy to see the HTTP header sent to the browser.
In Mozilla, Firefox you can install the LiveHTTPheader extension for that.
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13497626
caterham_www:
All cookies allowed in IE6.  The cookie is just not getting created in IE, but does in Mozilla, Opera, and Firefox.

ahoffmann:
Cookies set in php using $_COOKIE
Sniffer used: IECookiesView (http://www.nirsoft.net/utils/iecookies.html).
IECookiesView verifies cookie is not getting created.

Bob.
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13498104
Cookies are used to handle session.
Variable used: $_SESSION, not $_COOKIE.

IE http header sniffer used: ieHTTPHeaders (http://www.blunck.info/iehttpheaders.html).

Bob.
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13498305
Here's the header information:

Mozilla:

POST /form/login.php HTTP/1.1
Host: csi_dev.csint.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://csi_dev.csint.com/dealer/
Cookie: PHPSESSID=orvskt44jp9ec9iiphroh06rn0
Content-Type: application/x-www-form-urlencoded
Content-Length: 81

login=1&target=%2Findex.php&username=myusername&password=mypassword


HTTP/1.x 302 Found
Date: Wed, 09 Mar 2005 17:19:03 GMT
Server: Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/5.0.3
X-Powered-By: PHP/5.0.3
Set-Cookie: PHPSESSID=orvskt44jp9ec9iiphroh06rn0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://csi_dev.csint.com/index.php
P3P: CP="NON ADMa OUR NOR UNI"
Content-Length: 0
Keep-Alive: timeout=15, max=77
Connection: Keep-Alive
Content-Type: text/html
----------------------------------------------------------
https://csi_dev.csint.com/dealer/index.php

GET /dealer/index.php HTTP/1.1
Host: csi_dev.csint.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://csi_dev.csint.com/
Cookie: PHPSESSID=orvskt44jp9ec9iiphroh06rn0

----------------------------------------------------------




IE Header:

POST /form/login.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: https://csi_dev.csint.com/dealer/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: csi_dev.csint.com
Content-Length: 81
Connection: Keep-Alive
Cache-Control: no-cache

login=1&target=%2Findex.php&username=myusername&password=mypassword

HTTP/1.1 302 Found
Date: Wed, 09 Mar 2005 17:08:03 GMT
Server: Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/5.0.3
X-Powered-By: PHP/5.0.3
Set-Cookie: PHPSESSID=evsdb57s7ljdaq3bp6ndb3kkg1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://csi_dev.csint.com/index.php
P3P: CP="NON ADMa OUR NOR UNI"
Content-Length: 0
Connection: close
Content-Type: text/html

GET /dealer/index.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: https://csi_dev.csint.com/dealer/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: csi_dev.csint.com
Connection: Keep-Alive
Cache-Control: no-cache


Why doesn't IE keep the cookie that was set?

Bob.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13498620
LOL

> Set-Cookie: PHPSESSID=evsdb57s7ljdaq3bp6ndb3kkg1; path=/
> Expires: Thu, 19 Nov 1981 08:52:00 GMT

Why should IE use that cookie? It expired 20 years ago ;-)
You may consider this a bug in Mozilla.

Also: your "Expire: " appears as a separate line in the header. If this is the truth, the bug is in IE, not Mozilla (where Mozilla silently ignores the unknown Expire header).
Please verify if the Expire is in the same line (no newline and/or carriage return) as the Set-Cookie.
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13498744
I'm not controlling the header, that's what PHP sends to establish a cookie that is destroyed when the browser is closed.
The session closes when the browser does.

I have the same setup on another server, and the expire line is identical and it WORKS with IE.

{:> (hair falling out)

Bob.
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13498774
This appears to be more a PHP problem than an apache server problem.

Bob.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13498777
I'd use a sniffer and check the traffic. It's really important what the header looks like; IE is a bit picky here ..
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13498955
>> I'd use a sniffer and check the traffic
httpheadersniffer,cookiesniffer,packetsniffer?

Bob.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13499168
tcpdump, ethereal .. could be on client or server side (assuming that routers don't change anything)
0
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13499736
What am I looking for?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13499851
only the HTTP-header, in particular the Set-Cookie: line in the response
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13509918
damn, my comment in http:#13498620 is wrong, sorry
the HTTP header is ok, the Expire is the expire header for the page itself

same problem in PHP TA, see also: http:/Q_21345910.html
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 13522400
> All cookies allowed in IE6.  The cookie is just not getting created in IE, but does in Mozilla, Opera, and Firefox.

Did you also try
> clicking on the button "Advanced" below and add your domain.
?
try to add/allow your domain there. I don't think that this would work, but have a try on it...
see also http:Q_21347545.html
0
 
LVL 4

Accepted Solution

by:
armeen earned 2000 total points
ID: 13604017
The cookies are rejected because of the underscore in the server name. Remove it and it should start working.
0
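An added example, not part of the original thread: a check of the Host header against the RFC 952 / RFC 1123 host-name rule, run over a constructed sample trimmed from the IE trace quoted above. The function names are illustrative, and the check only explains a dropped cookie when the host name itself is invalid.

```python
import re

# RFC 952 / RFC 1123 host-name label: letters, digits, hyphens; no hyphen at
# either end; 1-63 characters. An underscore is outside this set.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def hostname_problems(host):
    """Return the reasons `host` (a Host header value) is not a valid host name."""
    host = re.sub(r":\d+$", "", host.strip()).rstrip(".")  # drop port, root dot
    if not host or len(host) > 253:
        return ["empty or longer than 253 characters"]
    problems = []
    for label in host.split("."):
        if not LABEL.match(label):
            bad = "".join(sorted(set(re.findall(r"[^A-Za-z0-9-]", label))))
            problems.append(f"label {label!r} is invalid" + (f", contains {bad!r}" if bad else ""))
    return problems

def header(message, name):
    """Return every value of header `name` in a raw HTTP message head."""
    prefix = name.lower() + ":"
    return [l.split(":", 1)[1].strip() for l in message.splitlines()
            if l.lower().startswith(prefix)]

def audit(request, response, next_request):
    """Report cookies the server set that the browser did not send back."""
    host = (header(request, "Host") or [""])[0]
    was_set = {v.split("=", 1)[0] for v in header(response, "Set-Cookie")}
    sent_back = {c.split("=", 1)[0].strip()
                 for v in header(next_request, "Cookie") for c in v.split(";")}
    dropped = sorted(was_set - sent_back)
    findings = [f"cookie {n} was set but not sent back" for n in dropped]
    if dropped:
        findings += [f"host {host}: {p}" for p in hostname_problems(host)]
    return findings

# Constructed sample, trimmed from the IE trace quoted in the thread.
IE_REQ = "POST /form/login.php HTTP/1.1\nHost: csi_dev.csint.com\n"
IE_RESP = ("HTTP/1.1 302 Found\n"
           "Set-Cookie: PHPSESSID=evsdb57s7ljdaq3bp6ndb3kkg1; path=/\n")
IE_NEXT = "GET /dealer/index.php HTTP/1.1\nHost: csi_dev.csint.com\n"

if __name__ == "__main__":
    for finding in audit(IE_REQ, IE_RESP, IE_NEXT):
        print(finding)
```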
 
LVL 1

Author Comment

by:BillyBoJimBob
ID: 13605019
Armeen,

That did it.

I can't believe it was such an "easy" fix.

Thanks,
Bob.
0
 
LVL 4

Expert Comment

by:armeen
ID: 13605213
Cool, it's annoying. I know Microsoft have a KB article, but when the security patch first made the change a serious amount of people were affected by this and they didn't really make a big deal of telling people.
0
