cookie problem
Posted: Tue Aug 26, 2003 12:28 pm
hello,
i have a problem with cookie fixation in msie 6.
i have 2 hosts:
aaa.domain.net (real)
bbb.domain.net (virtual)
both hosts are linking to the same php source code.
and now some http headers:
1st case:
2nd case:
1st case is ok
cookie was accepted and msie is sending it
2nd case is not ok
where is the cookie?
why set-cookie is being ignored by msie6 ?
is msie6 accepting the cookie but not sending it due to host mismatch ? But the Host header is ok, i believe!
btw, set-cookie header is generated by session_start() function
Thank you,
Grooou
i have a problem with cookie fixation in msie 6.
i have 2 hosts:
aaa.domain.net (real)
bbb.domain.net (virtual)
both hosts are linking to the same php source code.
and now some http headers:
1st case:
Code: Select all
++GET
GET http://aaa.domain.net/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: aaa.domain.net
Connection: keep-alive
++RESP
HTTP/1.1 200 OK
Date: Tue, 26 Aug 2003 17:10:41 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.0 mod_auth_pam/1.1.1 mod_layout/3.2
X-powered-by: PHP/4.3.0
Set-cookie: PHPSESSID=8810f69685f5ec17f9df467f526f611d; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-type: text/html
++GET
GET http://aaa.domain.net/mycss.css HTTP/1.1
Accept: */*
Referer: http://aaa.domain.net/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: aaa.domain.net
Cookie: PHPSESSID=8810f69685f5ec17f9df467f526f611d
Connection: keep-alive2nd case:
Code: Select all
++GET
GET http://bbb.domain.net/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: bbb.domain.net
Connection: keep-alive
++RESP
HTTP/1.1 200 OK
Date: Tue, 26 Aug 2003 17:10:41 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.0 mod_auth_pam/1.1.1 mod_layout/3.2
X-powered-by: PHP/4.3.0
Set-cookie: PHPSESSID=8810f69685f5ec17f9df467f526f611d; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-type: text/html
++GET
GET http://bbb.domain.net/mycss.css HTTP/1.1
Accept: */*
Referer: http://bbb.domain.net/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: bbb.domain.net
Connection: keep-alive1st case is ok
cookie was accepted and msie is sending it
2nd case is not ok
where is the cookie?
why set-cookie is being ignored by msie6 ?
is msie6 accepting the cookie but not sending it due to host mismatch ? But the Host header is ok, i believe!
btw, set-cookie header is generated by session_start() function
Thank you,
Grooou