Infomation: IE + PHP Sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
mchaggis
Forum Contributor
Posts: 150
Joined: Mon Mar 24, 2003 10:31 am
Location: UK

Infomation: IE + PHP Sessions

Post by mchaggis »

Hi,

I came across an interesting problem that had me stumped for some time and I thought I'd share, what would appear to be the solution.

History
I run a server with a lot of sites on it, that mostly all use an authentication script that I wrote (using sessions). The other week it was reported to me that alot of our users where suddenly unable to login (to any of the systems), on closer investigation I found that there was only one site that you could log in to and that all the users shared the same OS (Windows XP) and browser (IE6).
Further investigation narrowed the problem down the PHP sessions or more to the point the cookies that the sessions used. So I started to look into why this one site was still working as they ALL share the same code, and found a suttle difference. This site was allowing logins across a series of sub-domains.
The reason that IE6 seems to be picky is that the domain for the cookie in the php.in was blank:

Code: Select all

session.cookie_domain =
Solution 1
Because this was affecting all the sites I created a file and added it to the php.ini file:

Code: Select all

auto_prepend_file = /home/domain/sitewide/site_init.php
Note: Don't worry if you don't have access to edit the php.ini file as I will mention hat to do in a bit

The code is as follows:

Code: Select all

<?
ini_set("session.cookie_domain", $HTTP_SERVER_VARS&#1111;"SERVER_NAME"]);
?>
This seemed to fix the problem, as now every site on the server had a cookie domain and IE started logging people in fine.

However...

I recieved and email this morning saying the problem was back, and sure enough it was and not only that it was affecting my W2K box running IE6 now aswell. This of course baffled me and I attempted to tackle the problem again. Once again I looked at the site that had continued to work while all the others had broken and sure enough it was still working...!?

Solution 2

The difference in code seemed to be that I was also calling the function session_set_cookie_params in this script as well, up with trust vi and I revised the code:

Code: Select all

<?
ini_set("session.cookie_domain", $HTTP_SERVER_VARS&#1111;"SERVER_NAME"]);
session_set_cookie_params( time()+9999999, ""., $HTTP_SERVER_VARS&#1111;"SERVER_NAME"] );

if ( $HTTP_COOKIE_VARS&#1111;session_id_set] )
        session_id( $HTTP_COOKIE_VARS&#1111;session_id_set] );
?>
This seemed to do the job perfectly and all sites are allowing people to login yet again :D

Q: But I don't have access to the php.ini file
Ok, I used the php.ini file to sort this as I needed to make this work across an entire server running far to many sites to go in an manually edit them all. The code mentioned here will of course work in a normal script, hence the site that stayed working.

[rant]
Ok, fair enough, Microsoft want to to get secure (a 1st in my opinion) and yes maybe I should have done it "properly" in the first place. But it took me ages to figure out what the actual problem was (not so long to work out the solution) but a serries of questions have arrisen:
  • 1) Why then did my W2K box stop working when it had been fine while WXP had not?
    2) Why was my local webserver not affected (and wasn't for the second time around)?
    3) Why did the problem return (after a week) and start affecting my W2K (which as far as I believe hasn't been updated inbetween)?
Anwers on a postcard :wink:
[/rant]

Anyway, I hope this information helps and feel free to give me feedback or better solutions....
User avatar
mchaggis
Forum Contributor
Posts: 150
Joined: Mon Mar 24, 2003 10:31 am
Location: UK

[UPDATE]

Post by mchaggis »

Ok, so the problem returned! Why, I don't know as no code changes had occured.

The line that was changed to fix this (again!) was the session_set_cookie_params line, this is now:

Code: Select all

session_set_cookie_params( time()+3600, "/", $HTTP_SERVER_VARS&#1111;"SERVER_NAME"];
It would appear that IE is very picky about the cookie times. So I can only assume that it was the fact I wa settinng it to time()+9999999.

What is interesting is why did it suddenly stop working for both IE and Netscape??? :?

If anyone fancies following this up with an explanation, I would welcome with open arms

:? :? :?
Post Reply