blast Posted February 26, 2007 Share Posted February 26, 2007 I use Session variables in PHP for a login script.... I call session_start... which I believ just calls setcookie with the PHPSESSID.... I might be wrong there though. Anyways, this is fine under FF, Safari, Opera... but the cookie doesn't get set in IE7. A session is created, because I can call session_id() from the php page which creates the session (ie when the user logs in). However, as no cookie is set, this id doesn't make it to subsequent session_start() calls. I'm using php 5 Any thoughts anyone? Cheers Regards Stu Link to comment https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/ Share on other sites More sharing options...
nloding Posted February 26, 2007 Share Posted February 26, 2007 My guess is that IE7 has the security settings too high. Link to comment https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/#findComment-194615 Share on other sites More sharing options...
blast Posted February 26, 2007 Author Share Posted February 26, 2007 What would you suggest I do in this case? Bear in mind that I need the site to work properly with any client... so I can't really tell them to turn down their security settings (if I was the client I would think the site was a touch dodgy if they were telling me to turn down my security settings!). Is there a way I can set the cookie which requires a lower security level than default? Cheers Regards Stu Link to comment https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/#findComment-194621 Share on other sites More sharing options...
nloding Posted February 26, 2007 Share Posted February 26, 2007 Welcome to the game! You can't control things like that. Use javascript to test if cookies are enabled or disabled, and if they are disabled, prompt the user to turn them on. Include a statement about security and why they are necessary for the site. They'll turn them on. But what if the client doesn't have Javascript enabled? Uh oh! There's no answer. In general, I've found it best to assume that people have both enabled, and run simple tests to check. Have Javascript check cookies and prompt the user. Have Javascript write to the cookie and have PHP check it to see if it's there. Those are the only two ways I've found to use PHP to test the existence of both. In short, you can't control that. Prompt them to turn them on, if they don't, it's not your fault. Link to comment https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/#findComment-194632 Share on other sites More sharing options...
blast Posted February 27, 2007 Author Share Posted February 27, 2007 Thanks for your replies. One solution to this I can see (but would involve a recode) is to get PHP to try to set a cookie, check if it's set. If it's not then send the session ID as a GET param? Would that work? My instinct doesn't want to put the session ID in the URL really.. for some reason I think that that's insecure... but then again.. it's stored in a cookie on the client side anyways. Should this be a problem? Thanks Regards Stu Link to comment https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/#findComment-195299 Share on other sites More sharing options...
nloding Posted February 27, 2007 Share Posted February 27, 2007 It will work fine, it will just lead to a nasty URL ... but it will work. Link to comment https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/#findComment-195425 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.