Jump to content

IE7 & PHP Session Cookie


blast

Recommended Posts

I use Session variables in PHP for a login script.... I call session_start... which I believ just calls setcookie with the PHPSESSID.... I might be wrong there though.

 

Anyways, this is fine under FF, Safari, Opera... but the cookie doesn't get set in IE7.  A session is created, because I can call session_id() from the php page which creates the session (ie when the user logs in).  However, as no cookie is set, this id doesn't make it to subsequent session_start() calls.

 

I'm using php 5

 

Any thoughts anyone?

 

 

Cheers

 

Regards

Stu

Link to comment
https://forums.phpfreaks.com/topic/40225-ie7-php-session-cookie/
Share on other sites

What would you suggest I do in this case?  Bear in mind that I need the site to work properly with any client... so I can't really tell them to turn down their security settings (if I was the client I would think the site was a touch dodgy if they were telling me to turn down my security settings!).

 

Is there a way I can set the cookie which requires a lower security level than default?

 

 

Cheers

 

Regards

Stu

Welcome to the game!

 

You can't control things like that.  Use javascript to test if cookies are enabled or disabled, and if they are disabled, prompt the user to turn them on.  Include a statement about security and why they are necessary for the site.  They'll turn them on.

 

But what if the client doesn't have Javascript enabled?  Uh oh!

 

There's no answer.  In general, I've found it best to assume that people have both enabled, and run simple tests to check.  Have Javascript check cookies and prompt the user.  Have Javascript write to the cookie and have PHP check it to see if it's there.  Those are the only two ways I've found to use PHP to test the existence of both.

 

In short, you can't control that.  Prompt them to turn them on, if they don't, it's not your fault.

Thanks for your replies.

 

One solution to this I can see (but would involve a recode) is to get PHP to try to set a cookie, check if it's set. If it's not then send the session ID as a GET param?

 

Would that work?  My instinct doesn't want to put the session ID in the URL really.. for some reason I think that that's insecure... but then again.. it's stored in a cookie on the client side anyways.  Should this be a problem?

 

 

Thanks

 

Regards

Stu

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.