jcanker Posted February 28, 2016 Share Posted February 28, 2016 (edited) First off, met me say that I've seen the recent topic on session/redirect http://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/ and worked with the domain for redirect and it did not affect anything. I've been looking all around and cannot find a solid answer. The application I have been slowly creating has worked fine in Chrome, Firefox, and IE 7-11 **On Windows 7**. Yesterday I upgraded my dev laptop to Win10 Pro and started testing with the Edge browser. The user cannot log in successfully with Edge Browser because a new session is created after the php script to process login uses header(Location:....). There are no issues with Chrome, Firefox on Win10Pro, but IE11 on this Win10Pro machine is showing the same symptoms as Edge. Here are the facts/factors: This is all running on a dev laptop with IIS Express using FastCGI. The browser is running on same machine. start_session() is at the top of every page in the application immediately after the require_once calls. //get includes require_once("../../../sys/php/includes/dbFns.php"); require_once("../../../sys/php/includes/userAuthFns.php"); require_once("../../../sys/php/includes/outputFns.php"); //start session $result = session_start(); if(!$result){echo "<br/>Could not start session!</br>"; die();} //grab the page name and path for the logs $page = $_SERVER["REQUEST_URI"]; //grab the user's IP address for the security checks $_SESSION['remote_addr'] = $_SERVER['REMOTE_ADDR']; If username/password combo is successful, code uses header() to redirect to "logged.html." If fails, it uses header() to forward to "notLogged.html" "logged.html" contains jQuery which makes an AJAX call to a php page which checks session info for a valid login session. If session login info not found it redirects to notLogged.html. When user uses Edge browser, a session is created and the correct login info is stored in the session. I can see the session in Windows/Temp and when I open it, it holds the expected info. If I comment out the echo print_r($_SESSION) lines in the code block below it shows the correct info in the $_SESSION array. When the redirect to logged.html occurs a new session is created. I can see the session file in Windows/Temp; file size is 0 and is empty when opened in notepad. All redirects using either jQuery/javascript or PHP's header() use relative links. In my research I saw several suggestions to use session_write_close() just prior to the redirect. This did not solve the issue. To ensure the domain is not causing the issue I commented out the header() using the relative link and instead used a link including the domain info (did not fix the issue): ////////////////////////////////////////////////////////////// // Expose this next block for testing purposes only to // display the SESSION data //////////////////////////////////////////////////////////////// //echo "<pre>"; //echo print_r($_SESSION); //echo "</pre>"; ///// END SESSION DISPLAY FOR TESTING BLOCK ///////////////////// //redirect to the logged-in page--comment out for testing SESSION, include in production session_write_close(); // header("Location: ../../logged.html"); header("Location: http://7_0.leagueledger.com/logged.html"); exit(); When Edge reaches logged.html and runs the AJAX check to ensure the $_SESSION data shows the user as logged in, it fails because it is looking at the new, empty session and then redirects to notLogged.html as it is designed to do. (javascript alerts helped me trace the progress). PHP.ini is set to use cookies; however I don't see a cookie being created for this site. I enabled cookies via Group Policy and cookies for other websites are showing up. I am referencing the folders: C:\Users\**username**\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies C:\Users\**username**\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies Here is the pertinent section of PHP.infoDirective Local Value Master Value session.auto_start Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.lazy_write On On session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path C:\Windows\temp C:\Windows\temp session.serialize_handler php php session.upload_progress.cleanup On On session.upload_progress.enabled On On session.upload_progress.freq 1% 1% session.upload_progress.min_freq 1 1 session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS session.upload_progress.prefix upload_progress_ upload_progress_ session.use_cookies On On session.use_only_cookies On On session.use_strict_mode Off Off session.use_trans_sid 0 0 Although the php.ini says the session filename will prepend PHPSESSID, it actually is just using "sess", e.g. sess_cvfjqh4tlelh86fgs06emsg0q3 This is true for all browsers, not just Edge This is a head scratcher to me since it works perfectly in Chrome/Firefox and was fine in IE 11 when this was a Win7 machine. Any assistance will be greatly appreciated. Edited February 28, 2016 by jcanker Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted February 28, 2016 Share Posted February 28, 2016 Does Edge accept any cookies from the site at all? Run a separate test script with a simple setcookie(), then check your current cookies in the browser UI and with PHP. <?php if (setcookie('cookie_test', 'test')) { echo 'Cookie set. Run again to see if the cookie is sent back.<br>'; } echo 'Cookies sent by the browser:<br>'; var_dump($_COOKIE); Quote Link to comment Share on other sites More sharing options...
jcanker Posted February 28, 2016 Author Share Posted February 28, 2016 (edited) EDIT: I'm a dorkfish...ignore the post if you already saw it--I wasn't using Edge I will report back in a sec It seems to like that little bit at least I saved your code to testing/setCookieTest.php and ran it then refreshed to run the 2nd time Here is the output from running the file the 2nd (or 3rd or 4th) time by refreshing the page Cookie set. Run again to see if the cookie is sent back.Cookies sent by the browser:array(2) { ["cookie_test"]=> string(4) "test" ["PHPSESSID"]=> string(26) "imi9uedj5jmerpdn9u7vhhu0h5" } Edited February 28, 2016 by jcanker Quote Link to comment Share on other sites More sharing options...
jcanker Posted February 28, 2016 Author Share Posted February 28, 2016 (edited) No love in Edge: file output after several refreshes (same result in IE11 on Win 10Pro): Cookie set. Run again to see if the cookie is sent back.Cookies sent by the browser:array(0) { } Edited February 28, 2016 by jcanker Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted February 29, 2016 Share Posted February 29, 2016 So it's obviously not a PHP problem or session issue but rather a browser misconfiguration. I know nothing about Windows 10, but maybe somebody else will chime in. Otherwise try a Windows forum. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.