session issues between browsers

[mungyun]

Hey all, i wasn't sure where this topic fit in best so i threw it here.

 

I recently got contracted to do some PHP work for an eCommerce site to do some maintenance and upgrades. One of the issues they are having me look at is something i have never really seen before and cant explain so i came here where i know someone might have the answer =-)

 

On this site in IE6 (this only seems to happen in IE6), I will go through and add some random items to my cart then use the email cart feature to send it to myself. I close the browser and open a new session and go back to the site and add some new items to my new cart and email that one to myself. So now i have 2 carts that i emailed to myself and the link only contains a hash of the cart to find in the DB. I follow the first emailed cart link i sent, but the cart view page still shows the most recent sessions items. I have looked in the database and everything there is correct. I tried this in FF and IE7 and they both work perfectly..

 

My biggest guess is that maybe session id's in IE6 are handled different than IE7 and that the id is stored in a cookie that isn't getting cleared out.. It seems kinda like a wild guess but thats the only thing i could possibly imagine being the issue because i have checked and i dont seem to see anywhere in this site where cookies are used so if this is the case i have no idea on how to clear that session cookie.

 

Im actually a .NET developer for my company but i had some PHP experience so i got picked for this job but i am a bit lost as to what is causing this. Anyone have any ideas?

 

Thanks

 

Matt

[DyslexicDog]

Sounds like you need to examine the code that pulls the cart information from the database. If the cart hash is in the url then that's the only information that should be pulled. Be sure you're not reading information into the cart from the cookie when viewing the cart from an email.

[uniflare]

Hm, soudns like your using a 3rd party commerce software, it may be a bug with their software you will have to tell them to fix.

 

To clear session cookies you get the session cookie name from ini_get("session.name") and then something similar to:

 

setcookie(ini_get("session.name"),"no content",time()-3600); (This will set the cookie to expire 1 hour ago).

 

But i really don't see how this could happen, are you sure its a clean default install of IE6 and you havn't got any wierd or wonderful security options checked?

[mungyun]

Yeah there has been complaints from a handful of people about this issue and all of the code was in house work but they lost their programmer so i dont have anyone to really ask these questions to there. and the code looks like it works perfect when you follow the link. It takes the cart hash, looks up the cart in the cart table based on the hash, pulls the items based on the cart id, etc.  I also dont think that they are even using cookies for anything. I had something i was working on before where i wanted to use a cookie but they didnt want me to because people can turn cookies off and it could have messed things up.

 

I have no intentions of advertising the site but how can i have someone here be able to see this themselves?

[uniflare]

i have a couple people from here on my msn, ill give u my email maybe i can take a quick look .

 

dog is right tho, if its just uising the hash of the cart id to get the cart contents there is something wrong with the script (since IE cannot modify server side parsing)