By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,837 Members | 1,842 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,837 IT Pros & Developers. It's quick & easy.

Sessions - Not working with IE

P: n/a
Forgive my ignorance, but I am just starting to learn about sessions in
PHP and how to pass data from one page to the next. What I'm about to
explain could just be my misunderstanding of how sessions work.

I have two test scripts. The first starts a session, displays a few
details and a form. When the form is submitted it jumps to the second
page. The first script looks like this.

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Session test : Page 1</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
/>
</head>
<body>
<ul>
<?php
$_SESSION['session_var'] = "testing";
echo "<li>Your session id is ".session_id()."</li>\n";
echo "<li>The SESSION array contains<br />\n";
print_r($_SESSION);
echo "</li>\n";
echo "<li>The SID is ".SID."</li>\n";
echo "<li>PHPSESSID = ".$PHPSESSID."</li>\n";
?>
</ul>
This is the test of the sessions feature
<form action="session2.php" method="post">
<input type="hidden" name="form_var" value="testing" />
<input type="submit" value="Go to next page" />
</form>
</body>
</html>

The second script displays the same variables as the first. In addition
it dislpays the value of a variable passed by the _$SESSION array and a
value passed via a form. It looks like this.

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Session test : Page 2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
/>
</head>
<body>
<ul>
<?php
echo "<li>Your session id is ".session_id()."</li>\n";
echo "<li>The SESSION array contains<br />\n";
print_r($_SESSION);
echo "</li>\n";
echo "<li>The SID is ".SID."</li>\n";
echo "<li>PHPSESSID = ".$PHPSESSID."</li>\n";
echo "<li>session_var = {".$_SESSION['session_var']."}</li>\n";
echo "<li>form_var = {".$_POST['form_var']."}</li>\n";
?>
</ul>
</body>
</html>

When run under IE6, I get the following output.

Script 1

· Your session id is d7e201df8eb6ac9fd76915e53051666d
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is PHPSESSID=d7e201df8eb6ac9fd76915e53051666d
· PHPSESSID =

Script 2

· Your session id is 40211048ab6869c74dc8e9dff6098dc0
· The SESSION array contains
Array ( )
· The SID is PHPSESSID=40211048ab6869c74dc8e9dff6098dc0
· PHPSESSID =
· session_var = {}
· form_var = {testing}

Note how the session id is different and the variable passed by the
_$SESSION array is blank.

When run under Firefox 2.0 I get the following;

· Your session id is 00802b0742fdb87cda553cba85027c30
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is PHPSESSID=00802b0742fdb87cda553cba85027c30
· PHPSESSID =

and

· Your session id is 00802b0742fdb87cda553cba85027c30
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is
· PHPSESSID =
· session_var = {testing}
· form_var = {testing}

This time, the session ids are the same and the variable is passed.

Any ideas why the difference?
With Firefox, why is SID populated on the first page and not the
second?
Why is PHPSESSID blank?

In case it helps, the values from the php.ini file for session are;

session.auto_start = 0
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain =
session.cookie_lifetime = 0
session.cookie_path = /
session.entropy_file =
session.entropy_length = 0
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.name = PHPSESSID
session.referer_check =
session.save_handler = files
session.save_path = /tmp
session.serialize_handler = php
session.use_cookies = 1
session.use_trans_sid = 1

Regards
Steve Wright

Oct 26 '06 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Steve Wright wrote:
Forgive my ignorance, but I am just starting to learn about sessions in
PHP and how to pass data from one page to the next. What I'm about to
explain could just be my misunderstanding of how sessions work.

I have two test scripts. The first starts a session, displays a few
details and a form. When the form is submitted it jumps to the second
page. The first script looks like this.

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Session test : Page 1</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
/>
</head>
<body>
<ul>
<?php
$_SESSION['session_var'] = "testing";
echo "<li>Your session id is ".session_id()."</li>\n";
echo "<li>The SESSION array contains<br />\n";
print_r($_SESSION);
echo "</li>\n";
echo "<li>The SID is ".SID."</li>\n";
echo "<li>PHPSESSID = ".$PHPSESSID."</li>\n";
?>
</ul>
This is the test of the sessions feature
<form action="session2.php" method="post">
<input type="hidden" name="form_var" value="testing" />
<input type="submit" value="Go to next page" />
</form>
</body>
</html>

The second script displays the same variables as the first. In addition
it dislpays the value of a variable passed by the _$SESSION array and a
value passed via a form. It looks like this.

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Session test : Page 2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
/>
</head>
<body>
<ul>
<?php
echo "<li>Your session id is ".session_id()."</li>\n";
echo "<li>The SESSION array contains<br />\n";
print_r($_SESSION);
echo "</li>\n";
echo "<li>The SID is ".SID."</li>\n";
echo "<li>PHPSESSID = ".$PHPSESSID."</li>\n";
echo "<li>session_var = {".$_SESSION['session_var']."}</li>\n";
echo "<li>form_var = {".$_POST['form_var']."}</li>\n";
?>
</ul>
</body>
</html>

When run under IE6, I get the following output.

Script 1

· Your session id is d7e201df8eb6ac9fd76915e53051666d
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is PHPSESSID=d7e201df8eb6ac9fd76915e53051666d
· PHPSESSID =

Script 2

· Your session id is 40211048ab6869c74dc8e9dff6098dc0
· The SESSION array contains
Array ( )
· The SID is PHPSESSID=40211048ab6869c74dc8e9dff6098dc0
· PHPSESSID =
· session_var = {}
· form_var = {testing}

Note how the session id is different and the variable passed by the
_$SESSION array is blank.

When run under Firefox 2.0 I get the following;

· Your session id is 00802b0742fdb87cda553cba85027c30
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is PHPSESSID=00802b0742fdb87cda553cba85027c30
· PHPSESSID =

and

· Your session id is 00802b0742fdb87cda553cba85027c30
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is
· PHPSESSID =
· session_var = {testing}
· form_var = {testing}

This time, the session ids are the same and the variable is passed.

Any ideas why the difference?
With Firefox, why is SID populated on the first page and not the
second?
Why is PHPSESSID blank?

In case it helps, the values from the php.ini file for session are;

session.auto_start = 0
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain =
session.cookie_lifetime = 0
session.cookie_path = /
session.entropy_file =
session.entropy_length = 0
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.name = PHPSESSID
session.referer_check =
session.save_handler = files
session.save_path = /tmp
session.serialize_handler = php
session.use_cookies = 1
session.use_trans_sid = 1

Regards
Steve Wright
Hi Steve,

This is strange indeed.
Did you by any chance disable cookies on IE?

Also look for a ini value named:
session.use_only_cookies
(That one is added in version 4.3)

Or are you maybe using an older version of PHP?
(If so, please upgrade.)

Regards,
Erwin Moller
Oct 26 '06 #2

P: n/a


On Oct 26, 9:49 am, Erwin Moller
<since_humans_read_this_I_am_spammed_too_m...@spam yourself.comwrote:
Steve Wright wrote:
Forgive my ignorance, but I am just starting to learn about sessions in
PHP and how to pass data from one page to the next. What I'm about to
explain could just be my misunderstanding of how sessions work.
I have two test scripts. The first starts a session, displays a few
details and a form. When the form is submitted it jumps to the second
page. The first script looks like this.
[script snipped]
>
The second script displays the same variables as the first. In addition
it dislpays the value of a variable passed by the _$SESSION array and a
value passed via a form. It looks like this.
[Script snipped]
>
When run under IE6, I get the following output.
Script 1
· Your session id is d7e201df8eb6ac9fd76915e53051666d
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is PHPSESSID=d7e201df8eb6ac9fd76915e53051666d
· PHPSESSID =
Script 2
· Your session id is 40211048ab6869c74dc8e9dff6098dc0
· The SESSION array contains
Array ( )
· The SID is PHPSESSID=40211048ab6869c74dc8e9dff6098dc0
· PHPSESSID =
· session_var = {}
· form_var = {testing}
Note how the session id is different and the variable passed by the
_$SESSION array is blank.
When run under Firefox 2.0 I get the following;
· Your session id is 00802b0742fdb87cda553cba85027c30
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is PHPSESSID=00802b0742fdb87cda553cba85027c30
· PHPSESSID =
and
· Your session id is 00802b0742fdb87cda553cba85027c30
· The SESSION array contains
Array ( [session_var] =testing )
· The SID is
· PHPSESSID =
· session_var = {testing}
· form_var = {testing}
This time, the session ids are the same and the variable is passed.
Any ideas why the difference?
With Firefox, why is SID populated on the first page and not the
second?
Why is PHPSESSID blank?
In case it helps, the values from the php.ini file for session are;
session.auto_start = 0
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain =
session.cookie_lifetime = 0
session.cookie_path = /
session.entropy_file =
session.entropy_length = 0
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.name = PHPSESSID
session.referer_check =
session.save_handler = files
session.save_path = /tmp
session.serialize_handler = php
session.use_cookies = 1
session.use_trans_sid = 1
Regards
Steve WrightHi Steve,

This is strange indeed.
Did you by any chance disable cookies on IE?

Also look for a ini value named:
session.use_only_cookies
(That one is added in version 4.3)

Or are you maybe using an older version of PHP?
(If so, please upgrade.)

Regards,
Erwin Moller
As far as I can tell, I have not disabled cookies. The website runs in
the trusted zone and the security level on that zone is set to "Low".
Is there any other settings I should be checking in IE6?

The session.use_only_cookies is not defined in the php.ini. According
to my book (APRESS Beginning PHP and MySQL5 by Jason Gilmore), the
default value for this is 0.
>From the phpinfo() call, the session section says the following
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0

We are running PHP v5.0.4

I wouldn't mind if it worked under IE and not FF, but this is an
intranet application and IE6 is the company standard :-(

Oct 26 '06 #3

P: n/a
Cracked it!

Because I have access to work from home over a VPN, the company have
installed a firewall (Zone Alarm integrity client). This was blocking
the cookies.

As I am at work and behind the corporate firewall, I have shutdown my
local firewall. IE6 now works.

Interesting how IE6 was affected when the local firewall in in
operation, but Firefox wasn't.

Thanks for the help

Oct 26 '06 #4

P: n/a
In article <11**********************@m7g2000cwm.googlegroups. com>,
st***********@googlemail.com says...
Cracked it!

Because I have access to work from home over a VPN, the company have
installed a firewall (Zone Alarm integrity client). This was blocking
the cookies.

As I am at work and behind the corporate firewall, I have shutdown my
local firewall. IE6 now works.

Interesting how IE6 was affected when the local firewall in in
operation, but Firefox wasn't.

Thanks for the help

You should notify your tech support department - clearly they are not
aware their firewall doesnt work if Firefox is in use - if that is the
case your company doesn't actually have a firewall it has a bit of wet
tissue paper instead.
Oct 26 '06 #5

P: n/a
Steve Wright wrote:
Cracked it!

Because I have access to work from home over a VPN, the company have
installed a firewall (Zone Alarm integrity client). This was blocking
the cookies.

As I am at work and behind the corporate firewall, I have shutdown my
local firewall. IE6 now works.

Interesting how IE6 was affected when the local firewall in in
operation, but Firefox wasn't.

Thanks for the help
Hi Steve,

Glad you solved it, but check as 'readme' said why FF is working without
cookiefiltering.

I do not understand: why would a firewall filter cookies out?
Cookies are a normal part of a http-request.
What kind of 'security improvement' does that offer?
I don't get it.

Does the firewall also check the HTML for undesired text?
Does it add missing </td>'s?

Seriously, can anybody explain to me why a firewall filters cookies?

Regards,
Erwin Moller

Oct 26 '06 #6

P: n/a
In article <45*********************@news.xs4all.nl>,
si**********************************...y ourself.com says...
Steve Wright wrote:
Cracked it!

Because I have access to work from home over a VPN, the company have
installed a firewall (Zone Alarm integrity client). This was blocking
the cookies.

As I am at work and behind the corporate firewall, I have shutdown my
local firewall. IE6 now works.

Interesting how IE6 was affected when the local firewall in in
operation, but Firefox wasn't.

Thanks for the help

Hi Steve,

Glad you solved it, but check as 'readme' said why FF is working without
cookiefiltering.

I do not understand: why would a firewall filter cookies out?
Cookies are a normal part of a http-request.
What kind of 'security improvement' does that offer?
I don't get it.

Does the firewall also check the HTML for undesired text?
Does it add missing </td>'s?

Seriously, can anybody explain to me why a firewall filters cookies?

Regards,
Erwin Moller

Because cookies are dangerous.
Cookies have always been dangerous
cookies will always be dangerous
If anyone tells you different - they are wrong.
Oct 27 '06 #7

P: n/a
"holly" <ho*****@xmashouse.co.ukpíše v diskusním příspěvku
news:MP************************@news-text.blueyonder.co.uk...
In article <45*********************@news.xs4all.nl>,
si**********************************...y ourself.com says...
>Steve Wright wrote:
Because cookies are dangerous.
Cookies have always been dangerous
cookies will always be dangerous
If anyone tells you different - they are wrong.
Cookies are good and I'm right. Jam cookies, cottage cookies or poppy
cookies and tea ...

--

Petr Vileta, Czech republic
(My server rejects all messages from Yahoo and Hotmail. Send me your mail
from another non-spammer site please.)
Oct 27 '06 #8

This discussion thread is closed

Replies have been disabled for this discussion.