cookies, sessions and death.

[codebyren]

Right, my website is relatively simple, but I am about to die from frustration with session cookies - more specifically, browsers rejecting them.

 

Basically there are 2 steps to the screenshot upload process:

 

Step 1: choose file for upload (here a session is started and a unique image_id value from mysql is passed in $_SESSION and is required for step 2). On submission of the form, the user is redirected to step2.php via the action field of the upload form.

 

Step 2: the user adds details for their upload after which it is validated and transferred to the "official table" in the database.

 

Now this works great if your browser is happy to accept the session cookie (and a test cookie to report if cookies are disabled).

 

IE6 is not interested in my cookies at all though so I tried allowing php to pass the session id in the url automagically - It doesn't need to be 100% secure, I just want the site to be as user friendly as possible. However, upon redirection from step1 to step 2, the session id is lost somehow and so redirects back to step1 after wasting the user's time uploading. Nice.

 

Maybe I have to set the upload form's action to "step2.php?PHPSESSID=InsertSuperLongStringHere" manually rather than just step2.php?

 

What I really would like to know though, is if there's some way around this - I just need sessions for those 2 pages. Thus I would prefer to not have to pass the session id in the url for the whole 1 hour that the user's upload is kept, should they decide to browse around between steps for some random reason. I have found something on a compact privacy policy for internet explorer though that seems WAY too hard and is definitely overkill... I've been using firefox for years so I'm not sure how most people respond to cookies being rejected in Internet explorer.

 

Please, any suggestions are welcome. The site is at http://www.oohDesktop.com. Thanks.

[PFMaBiSmAd]

You would need to post your code for anyone to determine what exactly it is doing that is browser specific. It sounds like you are redirecting, so you could be having problems like -

 

Note: HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:

 

or

 

Note: Session ID is not passed with Location header even if session.use_trans_sid is enabled. It must by passed manually using SID constant.

 

or

 

If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically.

Note: Non-relative URLs are assumed to point to external sites and hence don't append the SID, as it would be a security risk to leak the SID to a different server.

 

But we cannot really help you with what might be causing the problem in your code without seeing your code.

[codebyren]

Cheers for the reply, I decided asking users to accept cookies wasn't such a big deal after all. Besides, it's really only IE6 causing problems and if users use hotmail or yahoo etc. they should already know how to accept them.

 

As for your guesses as to what the problem was, it was the fact that session.use_trans_sid was not passing the session variable with Location header. I had forgotten that the form was processed on the same page and then redirected afterwards, rather than using that step2 page as the action value in the form and then processing there.

 

I really am terrible at explaining this stuff...

 

Thanks anyway,