
Edge starting new session on header(Location:...)


jcanker


First off, let me say that I've seen the recent topic on session/redirect http://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/ and worked with the domain for redirect and it did not affect anything.  I've been looking all around and cannot find a solid answer.
 
The application I have been slowly creating has worked fine in Chrome, Firefox, and IE 7-11 **On Windows 7**.  Yesterday I upgraded my dev laptop to Win10 Pro and started testing with the Edge browser.  The user cannot log in successfully with Edge Browser because a new session is created after the php script to process login uses header(Location:....).  There are no issues with Chrome, Firefox on Win10Pro, but IE11 on this Win10Pro machine is showing the same symptoms as Edge.
 
Here are the facts/factors:

  • This is all running on a dev laptop with IIS Express using FastCGI.  The browser is running on same machine.
  • start_session() is at the top of every page in the application immediately after the require_once calls.
//get includes
require_once("../../../sys/php/includes/dbFns.php");
require_once("../../../sys/php/includes/userAuthFns.php");
require_once("../../../sys/php/includes/outputFns.php");
//start session
$result = session_start();
if(!$result){echo "<br/>Could not start session!<br/>"; die();}
//grab the page name and path for the logs
$page = $_SERVER["REQUEST_URI"];
//grab the user's IP address for the security checks
$_SESSION['remote_addr'] = $_SERVER['REMOTE_ADDR'];
  • If username/password combo is successful, code uses header() to redirect to "logged.html."  If fails, it uses header() to forward to "notLogged.html"
  • "logged.html" contains jQuery which makes an AJAX call to a php page which checks session info for a valid login session.  If session login info not found it redirects to notLogged.html.
  • When user uses Edge browser, a session is created and the correct login info is stored in the session.  I can see the session in Windows/Temp and when I open it, it holds the expected info.  If I comment out the echo print_r($_SESSION) lines in the code block below it shows the correct info in the $_SESSION array.
  • When the redirect to logged.html occurs a new session is created.  I can see the session file in Windows/Temp; file size is 0 and is empty when opened in notepad.
  • All redirects using either jQuery/javascript or PHP's header() use relative links.
  • In my research I saw several suggestions to use session_write_close() just prior to the redirect.  This did not solve the issue.
  • To ensure the domain is not causing the issue I commented out the header() using the relative link and instead used a link including the domain info (did not fix the issue):
//////////////////////////////////////////////////////////////
// Expose this next block for testing purposes only to 
//  display the SESSION data
////////////////////////////////////////////////////////////////
//echo "<pre>";
//echo print_r($_SESSION);
//echo "</pre>";
///// END SESSION DISPLAY FOR TESTING BLOCK /////////////////////

//redirect to the logged-in page--comment out for testing SESSION, include in production
session_write_close();
//header("Location: ../../logged.html");
header("Location: http://7_0.leagueledger.com/logged.html");
exit();
  • When Edge reaches logged.html and runs the AJAX check to ensure the $_SESSION data shows the user as logged in, it fails because it is looking at the new, empty session and then redirects to notLogged.html as it is designed to do.  (javascript alerts helped me trace the progress).
  • PHP.ini is set to use cookies; however I don't see a cookie being created for this site.  I enabled cookies via Group Policy and cookies for other websites are showing up.  I am referencing the folders:

C:\Users\**username**\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies

  • Here is the pertinent section of PHP.info

| Directive | Local Value | Master Value |
|---|---|---|
| session.auto_start | Off | Off |
| session.cache_expire | 180 | 180 |
| session.cache_limiter | nocache | nocache |
| session.cookie_domain | no value | no value |
| session.cookie_httponly | Off | Off |
| session.cookie_lifetime | 0 | 0 |
| session.cookie_path | / | / |
| session.cookie_secure | Off | Off |
| session.entropy_file | no value | no value |
| session.entropy_length | 0 | 0 |
| session.gc_divisor | 1000 | 1000 |
| session.gc_maxlifetime | 1440 | 1440 |
| session.gc_probability | 1 | 1 |
| session.hash_bits_per_character | 5 | 5 |
| session.hash_function | 0 | 0 |
| session.lazy_write | On | On |
| session.name | PHPSESSID | PHPSESSID |
| session.referer_check | no value | no value |
| session.save_handler | files | files |
| session.save_path | C:\Windows\temp | C:\Windows\temp |
| session.serialize_handler | php | php |
| session.upload_progress.cleanup | On | On |
| session.upload_progress.enabled | On | On |
| session.upload_progress.freq | 1% | 1% |
| session.upload_progress.min_freq | 1 | 1 |
| session.upload_progress.name | PHP_SESSION_UPLOAD_PROGRESS | PHP_SESSION_UPLOAD_PROGRESS |
| session.upload_progress.prefix | upload_progress_ | upload_progress_ |
| session.use_cookies | On | On |
| session.use_only_cookies | On | On |
| session.use_strict_mode | Off | Off |
| session.use_trans_sid | 0 | 0 |

  • Although the php.ini says the session filename will prepend PHPSESSID, it actually is just using "sess", e.g. sess_cvfjqh4tlelh86fgs06emsg0q3.  This is true for all browsers, not just Edge.

 

This is a head scratcher to me since it works perfectly in Chrome/Firefox and was fine in IE 11 when this was a Win7 machine.

 

Any assistance will be greatly appreciated.

 

 

 
 

Edited by jcanker

Does Edge accept any cookies from the site at all? Run a separate test script with a simple setcookie(), then check your current cookies in the browser UI and with PHP.

<?php

if (setcookie('cookie_test', 'test'))
{
    echo 'Cookie set. Run again to see if the cookie is sent back.<br>';
}

echo 'Cookies sent by the browser:<br>';
var_dump($_COOKIE);
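
An added diagnostic, not part of the thread or either poster's code, that extends the cookie test above to the session cookie across a header() redirect, which is the step that fails in the original post. The file name sessionRedirectTest.php, the `step` query parameter and the helper invalidHostLabels() are assumptions made for this example; the hostname check only reports labels outside RFC 1123 syntax, and whether that relates to the problem in this thread is not established on the page.

```php
<?php
// Added example: save as sessionRedirectTest.php (assumed name) on the same host as the application.
// Step 1 stores the issued session ID and redirects; step 2 reports what the browser sent back.
session_start();

// Hypothetical helper: returns hostname labels that are not letters/digits/hyphen (RFC 1123).
function invalidHostLabels(string $host): array
{
    $host = preg_replace('/:\d+$/', '', $host);   // drop an optional :port
    return array_values(array_filter(explode('.', $host), function ($label) {
        return !preg_match('/^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/', $label);
    }));
}

if (($_GET['step'] ?? '1') === '1') {
    // Same sequence as the login script: write session data, close it, redirect.
    $_SESSION['issued_id'] = session_id();
    session_write_close();
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?') . '?step=2');
    exit();
}

// Step 2: compare the cookie the browser returned with the ID stored in step 1.
header('Content-Type: text/plain');
$sent   = $_COOKIE[session_name()] ?? null;   // null: no session cookie in the request
$issued = $_SESSION['issued_id'] ?? null;     // null: this is a fresh, empty session

echo 'Host header:         ', $_SERVER['HTTP_HOST'], "\n";
echo 'Cookie sent back:    ', $sent ?? '(none)', "\n";
echo 'ID issued in step 1: ', $issued ?? '(not found in this session)', "\n";
echo 'Current session ID:  ', session_id(), "\n";

if ($sent !== null && $sent === $issued) {
    echo "RESULT: same session before and after the redirect.\n";
} else {
    echo "RESULT: the session from step 1 was not resumed; a new session was started.\n";
}

$bad = invalidHostLabels($_SERVER['HTTP_HOST']);
if ($bad) {
    echo 'NOTE: host label(s) outside RFC 1123 syntax: ', implode(', ', $bad), "\n";
}
```

Request the script once in each browser under the same hostname the application uses and compare the RESULT lines; "(none)" on the "Cookie sent back" line means the browser never returned the session cookie after the redirect.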

EDIT:  I'm a dorkfish...ignore the post if you already saw it--I wasn't using Edge  :shrug: I will report back in a sec

 

It seems to like that little bit at least :)

I saved your code to testing/setCookieTest.php and ran it, then refreshed to run it the 2nd time.

Here is the output from running the file the 2nd (or 3rd or 4th) time by refreshing the page:

 

Cookie set. Run again to see if the cookie is sent back.
Cookies sent by the browser:
array(2) { ["cookie_test"]=> string(4) "test" ["PHPSESSID"]=> string(26) "imi9uedj5jmerpdn9u7vhhu0h5" }

Edited by jcanker