Jump to content

IE 6 and Lower Login Problems

glend58

By glend58
in PHP Coding Help

 Share

Recommended Posts

glend58 Newbie

glend58

Posted
Posted

Hello,

 

I'm having a big problem with IE6. Users cannot stay logged in. On all other browsers they can including IE Mac. They can also stay logged in on IE7. IE6 and below it users cannot stay logged in.

 

Here's what happens:

 

User logs in and they get sent to another page where they are still logged in or at least all the $_SESSION variables are still set (I checked with print_r($_SESSION); ). When they click to go to any other page they get logged out. It can be any other page.  If I refresh the page they get logged out. The session_id continues to remain set throughout the session. I've set IE6 to accept every Cookie possible, checked on 2 other Windows computers other than my own and the users cannot stay logged in.

 

session_start(); is at the top of every single page.

 

As I said, everything works perfectly on IE7, FF (Mac and PC), Netscape (Mac and PC) and Safari.

 

I start the session like this gathering information from a database:

 

$_SESSION['userID'] = $row[0];

$_SESSION['firstName'] = $row[1];

$_SESSION['accessLevel'] = $row[2];

$_SESSION['username'] = $row[3];

 

Then I redirect to appropriate pages based on accessLevel. Since it works fine on other browsers, I'm a baffled on what I should do.

 

I'm not an expert. Been programming in PHP for a little over a year.

 

Any help would be greatly appreciated.

 

Regards,

 

Glen

 

 

Link to comment
Share on other sites
glend58 Newbie

glend58

Posted
  • Author
Posted

Hello,

 

Maybe I can approach this a different way. I know my code does not work on IE 6 and below and apparently on IE7, though it works on every other browser in the known universe. I could simply consider this a microsoft plot against PHP, but I'm not ready to go there yet.

 

Does anyone have some PHP code that works on these browsers? i.e. you are using PHP Sessions to Login in users and keep them logged in. You gather the information from a mysql database. My code is very basic and simple (maybe that's my problem, see above for details). I've been all over the internet and found lots of things that I thought might work but did not from people having similar problems. I'll list those here in no particular order. I tried these alone and in combinations but nothing seems to work. See the end of this reply to view.

 

I have lots of includes in my files (page headers, footers, etc) I've seen some documentation on includes being problematic, but nothing conclusive.

 

So any help would be greatly appreciated even if it's simply your code that works. I spent a day trying to fix this. Do I sound desperate? I'm getting there.

 

Thanks,

 

Glen

 

SOLUTIONS I FOUND

 

header("Cache-control: private"); //IE 6 Fix

 

***************************

 

In your subsequent hack, what happen if you place "ob_start();" on the first line? Also, make sure there's no blank space after <?php

 

 

<?php

ob_start();

 

session_start();

header("Cache-control: private"); // IE 6 Fix.

 

*****************************

 

ini_set('session.auto_start','1'); // Solves problem of returing back to login after each action.

 

It didn't in my case.

 

 

********************************

 

PRB: Session Variables Do Not Persist Between Requests After You Install

Internet Explorer Security Patch MS01-055

The information in this article applies to:

Microsoft Active Server Pages

Microsoft Internet Explorer (Programming) 5.5, 6

SYMPTOMS

After you install security patch MS01-055 for Microsoft Internet Explorer

5.5 or 6.0, you may encounter the following problems:

Session variables are lost.

Session state is not maintained between requests.

Cookies are not set on the client system.

NOTE: These problems can also occur after you install a more recent patch

that includes the fix that is provided in security patch MS01-055.

CAUSE

Security patch MS01-055 prevents servers with improper name syntax from

setting cookies names. Domains that use cookies must use only alphanumeric

characters ("-" or ".") in the domain name and the server name. Internet

Explorer blocks cookies from a server if the server name contains other

characters, such as an underscore character ("_").

 

Because ASP session state and session variables rely on cookies to function,

ASP cannot maintain session state between requests if cookies cannot be set

on the client.

RESOLUTION

To work around this problem, use one of the following methods:

Rename the domain name and the server name, and use only alphanumeric

characters.

Browse to the server by using the Internet Protocol (IP) address rather than

the domain/server name.

NOTE: You may need to change the Microsoft Internet Information Server (IIS)

configuration after you rename a server. For more information, refer to the

"References" section.

 

*******************************

 

Hi all. I am running an online charity lottery and am having issues with IE6

and sessions.

 

To fix them, I added the following at the top of each file:

 

ini_set('session.name', 'tlc');

header("Cache-control: private");

session_start();

 

...ran a local test in IE6 worked fine, then noticed more blank entries

coming in. I am not using third-party cookies, the system is built on php

sessions, any more ideas?

 

*******************************

 

workaround when using session variables in a .php file referred by a frame (.html, or other file type) at a different server than the one serving the .php:

 

Under these conditions IE6 or later silently refuses the session cookie that is attempted to create (either implicitly or explicitly by invoquing session_start()).

 

As a consequence, your session variable will return an empty value.

 

According to MS kb, the workaround is to add a header that says your remote .php page will not abuse from the fact that permission has been granted.

 

Place this header on the .php file that will create/update the session variables you want:

 

<?php header('P3P: CP="CAO PSA OUR"'); ?>

 

Regards,

Hugo

 

********************************

 

About the Session not getting saved on a header("Location:") redirect.

 

Make sure to call session_write_close() before doing the redirect.  This will make sure that the session values get written to the disk.

 

*********************************

 

For the problem of session lost after of redirect with header location...

 

Try with this:

<?

session_start();

$_SESSION['mySession'] = "hello";

 

header ("Location: xpage.php");

exit(); //This sentence do the magic

?>

 

*********************************

 

foltscane at yahoo dot com wrote about people losing session information on page redirects.

 

The problem is some times the redirect may kick you off to the next page before all the session variables have been saved. The true solution to lost session vars on redirect is to simply call session_write_close(); before setting the redirect header. This will insure that php finishes writing the session info before page redirect gets underway.

 

ie:

<?

    session_start();

    $_SESSION['forward'] = "This session data will not be lost!";

 

    session_write_close();

    header('Location: nextpage.php');

?>

 

*************************************

 

TAGS: session_start headers output errors include_once require_once php tag new line

 

Errors with output headers related to *session_start()* being called inside include files.

 

If you are starting your session inside an include file you must be aware of the presence of undesired characters after php end tag.

 

Let's take an example:

> page.php

<?php

include_once 'i_have_php_end_tag.inc.php';

include_once 'init_session.inc.php';

 

echo "Damn! Why I'm having these output header errors?";

?>

 

> i_have_php_end_tag.inc.php

<?php

$_JUST_A_GLOBAL_VAR = 'Yes, a global var, indeed';

?>

 

> init_session.inc.php

<?php

session_start();

$_SESSION['blabla'] = 123;

?>

 

With all this stuff we will get an error, something like:

"... Cannot send session cache limiter - headers already sent (output started at ...", right?

 

To solve this problem we have to ignore all output sent by include files. To ensure that we need to use the couple of functions: *ob_start()* and *ob_end_clean()* to suppress the output. So, all we have to do is changing the *page.php* to this:

 

<?php

ob_start();

include_once 'i_have_php_end_tag.inc.php';

include_once 'init_session.inc.php';

ob_end_clean();

 

echo "Woo hoo! All right! Die you undesired outputs!!!";

?>

 

***********************************

 

For some reason, MSIE gets confused when session_start() is called and the Content-disposition has been set to "attachment".  The only solution I've found is this:

<?php

if(strpos($_SERVER['HTTP_USER_AGENT'],"MSIE")) {

  session_cache_limiter('public');

}

session_start();

?>

 

*********************************

 

Watch out for using UTF-8 encoding in your php scripts!

 

I don't know about other enviroments, but in Windows XP, if you edit a document and set it to be UTF-8, the editor (notepad for exapmle) inserts two invisible bytes at the beginning of the file (they read FF FE in hex for me). I suppose this happens so Windows can identify the file as UTF-8.

 

Since these two bytes are placed before anything else in the file, including <? ?> tags, when you execute the php script, they get outputed to the browser (even tough they won't be shown in the source of the result document, they're there!) before your php code gets a chance to run anything. This effectively cripples functions like session_start() ($_COOKIE to be exact).

 

The solution is to save the php file in a different encoding, or to manually remove them (I prefer the former).

 

I hope I helped somebody.

 

********************************

 

I do not have this problem on apache2/php5/win2k

probably in php.ini. I had horrible problems with ie caching pages and never reloading them, causing a lot of confusion on my part. Some of these might not apply to php4, and you may want to adjust some to tase, like auto start, but these seem to smarten up ie.

 

[session]

 

session.save_handler = files

 

session.save_path = "/tmp/"

 

session.use_cookies = 1

 

session.use_only_cookies = 1

 

session.name = SESSION

 

session.auto_start = 1

 

session.cookie_lifetime = 0

 

session.cookie_path = /

 

 

 

session.serialize_handler = php

 

session.gc_probability = 1

session.gc_divisor = 100

 

session.gc_maxlifetime = 1440

 

session.bug_compat_42 = 0

session.bug_compat_warn = 0

 

session.referer_check =

 

session.entropy_length = 0

 

session.entropy_file =

 

session.cache_limiter = nocache

 

session.cache_expire = 180

 

session.use_trans_sid = 0

 

session.hash_function = 1

 

session.hash_bits_per_character = 5

 

url_rewriter.tags = ""

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.