0

It has come to my attention that my website is not working correctly under many versions of Internet Explorer. After looking around everywhere, I did a "cookie" test (http://www.rgagnon.com/jsdetails/js-0092.html), and realized that cookies are not working when I use any version of IE, but work fine with Chrome, Firefox, Safari ...

It seems that when cookies are not working, then my session variables keep disappearing. I use php session. Isn't PHP supposed to deal with that problem automatically?

I do use some javascript window.location, and some ajax calls (phplivex). Could it be because of that? Does it not append the phpsessionid at the end of all urls no matter what?

5
  • Are you using session_start() on each and every page? Commented Nov 17, 2009 at 0:45
  • Yes, I think now that it's because php does not add the session ID to javascript codes such as window.location Commented Nov 17, 2009 at 0:50
  • @nute: PHP session management is based on cookies, so if IE doesn't remember cookies somehow, it's normal that you lose your session all the time Commented Nov 17, 2009 at 1:11
  • Would you recommend then that I tell my users that they need to accept cookies if they want to use our site, instead of inserting the session id in the URLs? Commented Nov 17, 2009 at 1:40
  • Yes. Putting the session id in the URL is a potential security risk: phpsec.org/projects/guide/4.html Commented Nov 17, 2009 at 2:12

2 Answers

1

Could it be the timezone issue? See Session cookies rejected by Internet Explorer.

Final Solution

The timezone issue did give me a hint to check the time on my client and server. My client is a Windows laptop which had the correct time and timezone thanks to being synchronized with the NTP protocol. My server on the other hand was out of sync.

The timezone was correct, but the UTC time was set to my local time instead. As a result, the server was actually six hours in the past as far as the client was concerned. A timeout of one hour would have expired in the past for an IE instance running on my client. No wonder IE was rejecting my sessions.

I ran ntpdate to fix my time and then reset my timezone using tzselect.

# ntpdate pool.ntp.org
# tzselect

I then refreshed IE which immediately started accepting the sessions. All aspects of my application started working correctly. So much for so little.

Moral of the story, use NTP to ensure that your machines have their time set correctly.

So basically make sure the UTC time is correct on your server and for good measure explicitly set the PHP timezone (you'll get a warning under E_STRICT if you don't anyway).


1 Comment

Nope. I've just set IE to "accept all cookies" and it now works. So I am now convinced that my application cannot handle access with cookies disabled.
0

nute, are you sure this doesn't have to do with your particular IE install? Have you tried on a different machine?

As a workaround you can use use_trans_sid; it makes the session id be passed by URL instead of by cookie. WARNING: use_trans_sid can create big security problems, so I think you had better investigate where the problem comes from, and only if you really don't find any solution use this.

2 Comments

Yeah after many tests now, I am convinced that it simply comes down to having cookies enabled or not. Would you recommend then that I tell my users that they need to accept cookies if they want to use our site, instead of inserting the session id in the URLs?
Yes, I would recommend a user warning rather than use_trans_sid; use_trans_sid was kind of a hack to build mobile phone websites. Plus, since all the session handling in J2EE, ASP.NET, PHP (and all I have forgotten) is cookie based, I think a user not accepting cookies would encounter problems not only on your website but on pretty much any website!
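
The approach this thread settles on (require cookies and warn the user, rather than put the session ID in URLs), written out as an added example that is not code from any of the posters. The `cookiecheck` query parameter, the `hits` session key and the message text are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. "cookiecheck" is a hypothetical
// query parameter used only for the one-time probe below.

// Keep the session ID out of URLs entirely.
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1'); // ignore IDs supplied via GET/POST
ini_set('session.use_trans_sid', '0');    // never rewrite links with the ID
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
ini_set('session.cookie_httponly', '1');  // hide the cookie from page scripts

session_start();

if (isset($_COOKIE[session_name()])) {
    // The browser sent the session cookie back, so session data persists.
    $_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
    echo 'Session OK, request #' . $_SESSION['hits'];
} elseif (!isset($_GET['cookiecheck'])) {
    // No cookie yet: session_start() has just queued a Set-Cookie header.
    // Redirect once so the next request shows whether the browser kept it.
    // A query-only relative Location avoids echoing a client-supplied path.
    header('Location: ?cookiecheck=1', true, 302);
    exit;
} else {
    // Second request and still no cookie: the browser refused or dropped it.
    session_destroy(); // do not leave an orphaned session on the server
    header('Content-Type: text/plain; charset=utf-8');
    echo 'This site needs cookies to keep you signed in. ' .
         'Please enable cookies for this site and reload the page.';
}
```

Because the ID travels in the cookie, `window.location` navigations and AJAX calls to the same site carry the session without any URL rewriting.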
