Session ID always changing - can't login to my web application from ONE PC!!! Sessions being lost!

Question

Hi guys, we've recently done some installation but I'm facing issues with one pc in particular and its baffling. We have a webapplication installed on our local server which is accessed by all our workstations. FOr some reason we can't log into our webapplication using one workstation. The application is a PHP MYSQL collaboration system. I double checked and for some really odd reason whenever we login it creates a session ID but upon logging in and redirecting to another page the session is broken and a new session id is generated thus the individual is automatically logged out again.

What could be the issue here - is its a firewall thing - its not the web application as we can access it fine via the other workstations. We even disabled the firewall but in all cases that single dumb workstation seems to have an issue with maintaining the session.

Help please - I'm sure its an issue confined to that one PC - what could it be.

Update

The authentication sequence is as follows:

1. Login
2. Authenticate user
3. Build session
4. Store session variables with session ID in db
5. Redirect
6. SESSION variables are empty - a new session ID is generated
7. Since new session ID is not of an authenticated user - return to login

More details

• SSL is not enabled
• Cookies are enabled are on the problem machine

UPDATE

I don't understand how can redirection be the problem here. My redirection code is as follows I'm using the following function to redirect to the index page upon successful login.

function _redirect($url)
{   
    #To redirect to a specified page
    if(headers_sent())
     echo "<meta http-equiv=\"refresh\" content=\"0;URL=$url\">";
    else
     header("Location:$url");
    exit; 
}

Plus even if it is an issue why is it a problem on just one PC and not on the others? I don't wish to change my code just to accommodate one system as opposed to fixing whats wrong with that one system which is preventing it from behaving in the first place.

MORE UPDATE

I just double checked and found something odd. My login is ajax based i.e. a request is made via ajax if it is a success the session variables are generated and a boolean 1 is sent back upon receiving the user is redirected via a javascript call which is:

function _redirect(url)
{
 window.location = url;
}

I commented out this call and instead when the user is logged in I manually go to the index page and it works fine!! What is the javascript redirect messing up in this one pc thats not messing up in the other workstations is beyond me :( How do I fix this?

Answer 1

what browser are you using on this workstation? IE? Firefox? Have you tried different web browsers? Tried checking the browser settings yet? What is the time out set to? Is the time on the server and workstartion syncing properly with ntp?

In IE you can disable accepting of sessions cookies if the security is set to high I believe.

Answer 2

If you're losing the session, it's likely because the session cookie is not being transmitted. Does the browser on that machine have cookies enabled? Are you using SSL for your login page? Does your login code do anything besides validate a username/password (e.g. validate an IP address or machine name)?

Edit

Can you verify with Fiddler/Wireshark that the session cookie is transmitted when you redirect? Can we see some example login code?

Answer 3

It sounds like the cookie is not being set and sent back to the server properly on this machine. Verify that you have cookies enabled and that you don't have some 3rd party browser extension or other software blocking cookies.

Answer 4

I misunderstood the question to begin with (hence my edit history)

What is the domain the login is on and the main site is on? If it's between domains (could be anything like sending between example.com and www.example.com)