glend58 Posted April 20, 2007 Share Posted April 20, 2007 Hello, I'm having a big problem with IE6. Users cannot stay logged in. On all other browsers they can including IE Mac. They can also stay logged in on IE7. IE6 and below it users cannot stay logged in. Here's what happens: User logs in and they get sent to another page where they are still logged in or at least all the $_SESSION variables are still set (I checked with print_r($_SESSION); ). When they click to go to any other page they get logged out. It can be any other page. If I refresh the page they get logged out. The session_id continues to remain set throughout the session. I've set IE6 to accept every Cookie possible, checked on 2 other Windows computers other than my own and the users cannot stay logged in. session_start(); is at the top of every single page. As I said, everything works perfectly on IE7, FF (Mac and PC), Netscape (Mac and PC) and Safari. I start the session like this gathering information from a database: $_SESSION['userID'] = $row[0]; $_SESSION['firstName'] = $row[1]; $_SESSION['accessLevel'] = $row[2]; $_SESSION['username'] = $row[3]; Then I redirect to appropriate pages based on accessLevel. Since it works fine on other browsers, I'm a baffled on what I should do. I'm not an expert. Been programming in PHP for a little over a year. Any help would be greatly appreciated. Regards, Glen Quote Link to comment Share on other sites More sharing options...
jscix Posted April 20, 2007 Share Posted April 20, 2007 Check your users browser types, if their using IE, redirect them to the mozilla download page. ok sorry, bad joke. but seriously, I hate ie. die ms... Quote Link to comment Share on other sites More sharing options...
jscix Posted April 20, 2007 Share Posted April 20, 2007 It seems your not alone with your issue, however: http://www.google.com/search?source=ig&hl=en&q=ie6+session+issues&btnG=Google+Search Quote Link to comment Share on other sites More sharing options...
glend58 Posted April 25, 2007 Author Share Posted April 25, 2007 Hello, Maybe I can approach this a different way. I know my code does not work on IE 6 and below and apparently on IE7, though it works on every other browser in the known universe. I could simply consider this a microsoft plot against PHP, but I'm not ready to go there yet. Does anyone have some PHP code that works on these browsers? i.e. you are using PHP Sessions to Login in users and keep them logged in. You gather the information from a mysql database. My code is very basic and simple (maybe that's my problem, see above for details). I've been all over the internet and found lots of things that I thought might work but did not from people having similar problems. I'll list those here in no particular order. I tried these alone and in combinations but nothing seems to work. See the end of this reply to view. I have lots of includes in my files (page headers, footers, etc) I've seen some documentation on includes being problematic, but nothing conclusive. So any help would be greatly appreciated even if it's simply your code that works. I spent a day trying to fix this. Do I sound desperate? I'm getting there. Thanks, Glen SOLUTIONS I FOUND header("Cache-control: private"); //IE 6 Fix *************************** In your subsequent hack, what happen if you place "ob_start();" on the first line? Also, make sure there's no blank space after <?php <?php ob_start(); session_start(); header("Cache-control: private"); // IE 6 Fix. ***************************** ini_set('session.auto_start','1'); // Solves problem of returing back to login after each action. It didn't in my case. ******************************** PRB: Session Variables Do Not Persist Between Requests After You Install Internet Explorer Security Patch MS01-055 The information in this article applies to: Microsoft Active Server Pages Microsoft Internet Explorer (Programming) 5.5, 6 SYMPTOMS After you install security patch MS01-055 for Microsoft Internet Explorer 5.5 or 6.0, you may encounter the following problems: Session variables are lost. Session state is not maintained between requests. Cookies are not set on the client system. NOTE: These problems can also occur after you install a more recent patch that includes the fix that is provided in security patch MS01-055. CAUSE Security patch MS01-055 prevents servers with improper name syntax from setting cookies names. Domains that use cookies must use only alphanumeric characters ("-" or ".") in the domain name and the server name. Internet Explorer blocks cookies from a server if the server name contains other characters, such as an underscore character ("_"). Because ASP session state and session variables rely on cookies to function, ASP cannot maintain session state between requests if cookies cannot be set on the client. RESOLUTION To work around this problem, use one of the following methods: Rename the domain name and the server name, and use only alphanumeric characters. Browse to the server by using the Internet Protocol (IP) address rather than the domain/server name. NOTE: You may need to change the Microsoft Internet Information Server (IIS) configuration after you rename a server. For more information, refer to the "References" section. ******************************* Hi all. I am running an online charity lottery and am having issues with IE6 and sessions. To fix them, I added the following at the top of each file: ini_set('session.name', 'tlc'); header("Cache-control: private"); session_start(); ...ran a local test in IE6 worked fine, then noticed more blank entries coming in. I am not using third-party cookies, the system is built on php sessions, any more ideas? ******************************* workaround when using session variables in a .php file referred by a frame (.html, or other file type) at a different server than the one serving the .php: Under these conditions IE6 or later silently refuses the session cookie that is attempted to create (either implicitly or explicitly by invoquing session_start()). As a consequence, your session variable will return an empty value. According to MS kb, the workaround is to add a header that says your remote .php page will not abuse from the fact that permission has been granted. Place this header on the .php file that will create/update the session variables you want: <?php header('P3P: CP="CAO PSA OUR"'); ?> Regards, Hugo ******************************** About the Session not getting saved on a header("Location:") redirect. Make sure to call session_write_close() before doing the redirect. This will make sure that the session values get written to the disk. ********************************* For the problem of session lost after of redirect with header location... Try with this: <? session_start(); $_SESSION['mySession'] = "hello"; header ("Location: xpage.php"); exit(); //This sentence do the magic ?> ********************************* foltscane at yahoo dot com wrote about people losing session information on page redirects. The problem is some times the redirect may kick you off to the next page before all the session variables have been saved. The true solution to lost session vars on redirect is to simply call session_write_close(); before setting the redirect header. This will insure that php finishes writing the session info before page redirect gets underway. ie: <? session_start(); $_SESSION['forward'] = "This session data will not be lost!"; session_write_close(); header('Location: nextpage.php'); ?> ************************************* TAGS: session_start headers output errors include_once require_once php tag new line Errors with output headers related to *session_start()* being called inside include files. If you are starting your session inside an include file you must be aware of the presence of undesired characters after php end tag. Let's take an example: > page.php <?php include_once 'i_have_php_end_tag.inc.php'; include_once 'init_session.inc.php'; echo "Damn! Why I'm having these output header errors?"; ?> > i_have_php_end_tag.inc.php <?php $_JUST_A_GLOBAL_VAR = 'Yes, a global var, indeed'; ?> > init_session.inc.php <?php session_start(); $_SESSION['blabla'] = 123; ?> With all this stuff we will get an error, something like: "... Cannot send session cache limiter - headers already sent (output started at ...", right? To solve this problem we have to ignore all output sent by include files. To ensure that we need to use the couple of functions: *ob_start()* and *ob_end_clean()* to suppress the output. So, all we have to do is changing the *page.php* to this: <?php ob_start(); include_once 'i_have_php_end_tag.inc.php'; include_once 'init_session.inc.php'; ob_end_clean(); echo "Woo hoo! All right! Die you undesired outputs!!!"; ?> *********************************** For some reason, MSIE gets confused when session_start() is called and the Content-disposition has been set to "attachment". The only solution I've found is this: <?php if(strpos($_SERVER['HTTP_USER_AGENT'],"MSIE")) { session_cache_limiter('public'); } session_start(); ?> ********************************* Watch out for using UTF-8 encoding in your php scripts! I don't know about other enviroments, but in Windows XP, if you edit a document and set it to be UTF-8, the editor (notepad for exapmle) inserts two invisible bytes at the beginning of the file (they read FF FE in hex for me). I suppose this happens so Windows can identify the file as UTF-8. Since these two bytes are placed before anything else in the file, including <? ?> tags, when you execute the php script, they get outputed to the browser (even tough they won't be shown in the source of the result document, they're there!) before your php code gets a chance to run anything. This effectively cripples functions like session_start() ($_COOKIE to be exact). The solution is to save the php file in a different encoding, or to manually remove them (I prefer the former). I hope I helped somebody. ******************************** I do not have this problem on apache2/php5/win2k probably in php.ini. I had horrible problems with ie caching pages and never reloading them, causing a lot of confusion on my part. Some of these might not apply to php4, and you may want to adjust some to tase, like auto start, but these seem to smarten up ie. [session] session.save_handler = files session.save_path = "/tmp/" session.use_cookies = 1 session.use_only_cookies = 1 session.name = SESSION session.auto_start = 1 session.cookie_lifetime = 0 session.cookie_path = / session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 100 session.gc_maxlifetime = 1440 session.bug_compat_42 = 0 session.bug_compat_warn = 0 session.referer_check = session.entropy_length = 0 session.entropy_file = session.cache_limiter = nocache session.cache_expire = 180 session.use_trans_sid = 0 session.hash_function = 1 session.hash_bits_per_character = 5 url_rewriter.tags = "" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.