By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,820 Members | 1,315 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,820 IT Pros & Developers. It's quick & easy.

MSIE 7 and cookies

P: n/a
Ike
I have a username/sid pair for typical authentication. That is, for someone
signing in under a given username, a sid is created, saved in both a cookie
and the db on the server. This I am doing as follows:

$timer = md5(time());
$sid = $UserID . "+" . $timer. "+" . $country;
SetCookie("ggcookie", $sid, time() + 86400 * 10000); //Set Cookie
for 10000 days
$query = "update associates set sid=\"$timer\" where
username=\"$UserID\"";

Thus, when another page is called, I immediately retrieve the value of the
cookie as follows:

if (!(isset($ggcookie))) {
echo "cookie not set in browser.";
exit;
}
$sidarray = explode("+", "$ggcookie");

However, for one particular user I have, upon upgrading to MSIE 7, this no
longer works as whenever he calls up a new page, he gets "cookie not set in
browser". In looking at his security settings his Zone is "Internet," set to
"Medium High" and his privacy policy is set to "Medium" (see below). I have
duplicated these settings on my machine and am able to get and parse the
cookie without any problem. I am wondering what may have changes with MSIE
7, or something I am missing, that is throwing this entire procedure for
this particular user? Any ideas are greatly appreciated. -Ike

"Medium" privacy settings call for
-blocks third party cookies that do not have a privacy policy
-blocks third party cookies that save information that can be used to
contact you without your explicit consent
-restricts first-party cookies that save information that can be used to
contact you without your explicit consent
(note, these are the same settings as on my machine which is working fine)
Feb 1 '07 #1
Share this Question
Share on Google+
9 Replies


P: n/a
Kind of weird... Is he using any kind of other firewall software?

User could try clearing his cookies and retrying.

You could try adding the path and domain to the cookie just to see
what happens: setcookie('cookie', $val, time() + $exp, '/',
$_SERVER['HTTP_HOST']);

On Jan 31, 7:45 pm, "Ike" <r...@hotmail.comwrote:
I have a username/sid pair for typical authentication. That is, for someone
signing in under a given username, a sid is created, saved in both a cookie
and the db on the server. This I am doing as follows:

$timer = md5(time());
$sid = $UserID . "+" . $timer. "+" . $country;
SetCookie("ggcookie", $sid, time() + 86400 * 10000); //Set Cookie
for 10000 days
$query = "update associates set sid=\"$timer\" where
username=\"$UserID\"";

Thus, when another page is called, I immediately retrieve the value of the
cookie as follows:

if (!(isset($ggcookie))) {
echo "cookie not set in browser.";
exit;}

$sidarray = explode("+", "$ggcookie");

However, for one particular user I have, upon upgrading to MSIE 7, this no
longer works as whenever he calls up a new page, he gets "cookie not set in
browser". In looking at his security settings his Zone is "Internet," set to
"Medium High" and his privacy policy is set to "Medium" (see below). I have
duplicated these settings on my machine and am able to get and parse the
cookie without any problem. I am wondering what may have changes with MSIE
7, or something I am missing, that is throwing this entire procedure for
this particular user? Any ideas are greatly appreciated. -Ike

"Medium" privacy settings call for
-blocks third party cookies that do not have a privacy policy
-blocks third party cookies that save information that can be used to
contact you without your explicit consent
-restricts first-party cookies that save information that can be used to
contact you without your explicit consent
(note, these are the same settings as on my machine which is working fine)

Feb 1 '07 #2

P: n/a
On Wed, 31 Jan 2007 16:45:35 -0800, Ike <rx*@hotmail.comwrote:
I have a username/sid pair for typical authentication. That is, for
someone
signing in under a given username, a sid is created, saved in both a
cookie
and the db on the server. This I am doing as follows:

$timer = md5(time());
$sid = $UserID . "+" . $timer. "+" . $country;
SetCookie("ggcookie", $sid, time() + 86400 * 10000); //Set Cookie
for 10000 days
$query = "update associates set sid=\"$timer\" where
username=\"$UserID\"";

Thus, when another page is called, I immediately retrieve the value of
the
cookie as follows:

if (!(isset($ggcookie))) {
echo "cookie not set in browser.";
exit;
}
$sidarray = explode("+", "$ggcookie");

However, for one particular user I have, upon upgrading to MSIE 7, this
no
longer works as whenever he calls up a new page, he gets "cookie not set
in
browser". In looking at his security settings his Zone is "Internet,"
set to
"Medium High" and his privacy policy is set to "Medium" (see below). I
have
duplicated these settings on my machine and am able to get and parse the
cookie without any problem. I am wondering what may have changes with
MSIE
7, or something I am missing, that is throwing this entire procedure for
this particular user? Any ideas are greatly appreciated. -Ike

"Medium" privacy settings call for
-blocks third party cookies that do not have a privacy policy
-blocks third party cookies that save information that can be used to
contact you without your explicit consent
-restricts first-party cookies that save information that can be used to
contact you without your explicit consent
(note, these are the same settings as on my machine which is working
fine)
Why is it that you kill the script if the cookie isn't set? You shouldn't
require cookies to be set in order for people to use your site.

--
Curtis, http://dyersweb.com
Feb 1 '07 #3

P: n/a
Ike
This ONLY occurs when a new browswer window is instantiated. That is, an
instance of the browswer is running, it sets a cookie. Now, if you go to any
page within the site, it checks to see that the cookie is set, if so, it
let's you into the page on that site. All works fine.

However, if you open another browswer instance (the first one, which set the
cookie, is still running too) the second instance fails to see that the
cookie is set in MSIE 7.

Any ideas how I can make the second instance know that the cookie is, in
fact, already set? Thanks, Ike
Feb 1 '07 #4

P: n/a
"Ike" <rx*@hotmail.comwrote:
>
This ONLY occurs when a new browswer window is instantiated. That is, an
instance of the browswer is running, it sets a cookie. Now, if you go to any
page within the site, it checks to see that the cookie is set, if so, it
let's you into the page on that site. All works fine.

However, if you open another browswer instance (the first one, which set the
cookie, is still running too) the second instance fails to see that the
cookie is set in MSIE 7.
Do your cookies have expiration dates in the future? If not, this is
exactly how it's supposed to work. The cookies are local to the instance.
--
Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.
Feb 2 '07 #5

P: n/a
Ike

"Tim Roberts" <ti**@probo.comwrote in message
news:rb********************************@4ax.com...
"Ike" <rx*@hotmail.comwrote:
>>

Do your cookies have expiration dates in the future? If not, this is
exactly how it's supposed to work. The cookies are local to the instance.
--
Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.
Tim,

Is this only for MSIE I suppose? In Firefox, it opens a new instance of the
browswer, and runs fine there. -Ike
Feb 2 '07 #6

P: n/a
On Fri, 02 Feb 2007 06:06:01 -0800, Ike <rx*@hotmail.comwrote:
>
"Tim Roberts" <ti**@probo.comwrote in message
news:rb********************************@4ax.com...
>"Ike" <rx*@hotmail.comwrote:
>>>

Do your cookies have expiration dates in the future? If not, this is
exactly how it's supposed to work. The cookies are local to the
instance.
--
Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.

Tim,

Is this only for MSIE I suppose? In Firefox, it opens a new instance of
the
browswer, and runs fine there. -Ike

Try setting the expiration date ahead to see for sure

--
Curtis, http://dyersweb.com
Feb 3 '07 #7

P: n/a
On Feb 1, 5:45 am, "Ike" <r...@hotmail.comwrote:
I have a username/sid pair for typical authentication. That is, for someone
signing in under a given username, a sid is created, saved in both a cookie
and the db on the server. This I am doing as follows:

$timer = md5(time());
$sid = $UserID . "+" . $timer. "+" . $country;
SetCookie("ggcookie", $sid, time() + 86400 * 10000); //Set Cookie
for 10000 days
<snip>

Do not reinvent the wheels; use PHP's own session--preferrably
with db based handler.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Feb 4 '07 #8

P: n/a
On Feb 1, 9:15 am, Curtis <dyers...@verizon.netwrote:
<snip>
Why is it that you kill the script if the cookie isn't set? You shouldn't
require cookies to be set in order for people to use your site.
Cookies are the effective way to solve many known security issues.
It is always better to use cookies than trans sid based sessions.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Feb 4 '07 #9

P: n/a
On Sat, 03 Feb 2007 23:19:12 -0800, R. Rajesh Jeba Anbiah
<ng**********@rediffmail.comwrote:
On Feb 1, 9:15 am, Curtis <dyers...@verizon.netwrote:
<snip>
>Why is it that you kill the script if the cookie isn't set? You
shouldn't
require cookies to be set in order for people to use your site.

Cookies are the effective way to solve many known security issues.
It is always better to use cookies than trans sid based sessions.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
Yes, but that wasn't my point.

--
Curtis, http://dyersweb.com
Feb 5 '07 #10

This discussion thread is closed

Replies have been disabled for this discussion.