Session Problem with IE but NOT Firefox ?!?!
-
DessieD32
- Forum Newbie
- Posts: 8
- Joined: Wed Aug 16, 2006 5:04 am
- Location: Dublin, sunny ole Ireland
Hi
I have encountered a strange problem on a website I run which seems to be to do with sessions and the browser you use. It used to work fine, but recently something strange is going on.
When the user logs in successfully, I set a session variable UID to their ID then redirect to the main index page. Every page has code at the start which does a session start, queries this session var and redirects back to the login page if it is 0.
With Firefox this works fine. However, when I use IE and log in, the login page keeps getting re-displayed, which indicates the session id is not being set and hence redirecting back to login.
If I use IE on the server itself it works ok.
The site is http://www.footiebingo.mine.nu so you can try it yourself with Firefox and IE and see. Pretty stumped over this - pretty new to PHP and sessions and would really appreciate any useful pointers.
-
DessieD32
- Forum Newbie
- Posts: 8
- Joined: Wed Aug 16, 2006 5:04 am
- Location: Dublin, sunny ole Ireland
Just go ahead and register a bogus one - that's part of the problem - people have registered ok, then go back to login and don't get anywhere (only with IE though). Use a bogus email etc as it doesn't require verification etc.
From a previous post, I suspect the issue is down to my use of sessions and redirect. I'm not using the write session call before redirecting, and not using the full URL when redirecting.
Maybe Firefox handles the redirect a bit better maybe?
-
DessieD32
- Forum Newbie
- Posts: 8
- Joined: Wed Aug 16, 2006 5:04 am
- Location: Dublin, sunny ole Ireland
Thanks Jay - will do later when I'm home.
Will try making two changes to use session write before the redirect, and use full header with the redirect and see if that fixes it up.
I'm pretty sure it's down to this though, as all the pages have code to redirect back to login if the user id session var is zero.
Thanks again
-
DessieD32
- Forum Newbie
- Posts: 8
- Joined: Wed Aug 16, 2006 5:04 am
- Location: Dublin, sunny ole Ireland
Found out what was causing the issue, but don't really know why - newbie to this etc
After successful login, I was creating session vars as follows then redirecting:
$_SESSION['var1'] = $var1;
$_SESSION['var2'] = $var2;
$_SESSION['var3'] = $_POST[userstuff];
session_write_close();
header('Location: http://homepage.php');
The var3 session was causing the problem with IE6, not Firefox - if I assigned the $_POST to a variable, then used it for the session it worked fine on IE & FireFox. If I tried assigning the session var from a $_POST - then IE would lose the session info. Firefox was ok.
Dunno why - maybe someone could explain.
Cheers for the feedback.
Found the following in reference to the session_write_close() function. Perhaps it is a timing condition, but not sure of how this relates to one browser vs another.
Workaround if session_write_close() still doesn't write sessions fast enough:
I found with one PHP login system that even session_write_close() was not setting the session variables before I transferred pages with a Location: header. So the user would log in, I would create the $_SESSION variables, call session_write_close() and then transfer to the secure page using header(Location:...). The secure page would check for the session vars, not find them, and force the user to log in again. After the second login the session would be found and they could continue.
My workaround was to create the $_SESSION variables with 0 values before writing the initial login page. Then I updated the session vars with the login results and used the header() function to switch to the secure location. Once the session vars have already been created, updated values are assigned quickly. Problem solved. Just be sure the secure page checks both that the $_SESSION var exists AND that it's not 0.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Check your php.ini settings for the following:
; Whether to use cookies.
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
session.use_only_cookies = 1
Based upon that, check each of the browsers' settings on the use of local cookies.
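The login-then-redirect flow discussed in this thread, as an added example that is not code from any of the posters: it refuses to run unless session ids travel in cookies only, copies the POST value into a checked local variable before storing it, writes the session before an absolute-URL redirect, and guards pages on the session variable both existing and being non-zero. The function names, the length limit, the session_regenerate_id() call and the URLs passed in are assumptions added for illustration.

```php
<?php
// Added illustration; function names, limits and URLs are hypothetical.

// Copy one scalar out of the request before it goes anywhere near the session.
function post_string(array $post, string $key, int $maxLen = 64): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;                 // missing, or an array such as userstuff[]=x
    }
    $value = trim($post[$key]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Call only after the submitted credentials have been verified.
function complete_login(int $uid, array $post, string $homeUrl): void
{
    // Mirrors the two php.ini settings quoted above.
    if (!ini_get('session.use_cookies') || !ini_get('session.use_only_cookies')) {
        throw new RuntimeException('session ids must travel in cookies only');
    }
    session_start();
    session_regenerate_id(true);     // fresh id for the authenticated session
    $_SESSION['UID'] = $uid;
    $_SESSION['userstuff'] = post_string($post, 'userstuff');
    session_write_close();           // flush session data before the redirect
    header('Location: ' . $homeUrl); // absolute URL, e.g. https://example.test/index.php
    exit;                            // nothing else may run or be sent after this
}

// Guard for the top of every protected page; returns the logged-in user id.
function require_login(string $loginUrl): int
{
    session_start();
    // The variable must exist AND be non-zero, as the workaround above advises.
    if (!isset($_SESSION['UID']) || (int) $_SESSION['UID'] === 0) {
        header('Location: ' . $loginUrl);
        exit;
    }
    return (int) $_SESSION['UID'];
}
```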