IE8 loses my session data when using payment gateway

Question

This is a really strange problem, that appears to be somewhat intermittent (although it has started consistently occurring now - possibly due to a Windows Update?).

My code has previously worked fine in IE7, and continues to work in Firefox, Chrome, and seemingly any other browser but IE8.

I'm setting some session data and then passing the user to a payment gateway (Protx / Sage, if that makes any difference), which on return needs to reference my session data. But my session data disappears. I'm not doing anything fancy with the payment gateway display - no iframes, just a link that takes the user to the payment page, in the same browser window.

Having done some reading, I've tried adding the following to force compatibility mode in my page (as apparently this can cause IE8 to lose session data):

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

This had no effect (but then, as far as I can tell, the payment page is not forcing compatibility mode).

There seem to be quite a few people saying that iframes cause this behaviour, but again, no iframes are used.

Considering how persistent session data is in IE8 - unlike IE7, and other browsers, when a new instance of the browser is initiated, any session in another instance of the browser are accessible - I'm struggling to see where and how my session data is being lost.

Answer 1

How are you storing the session - in a cookie or as a hidden variable/form field in the page (if the latter, then it probably isn't being returned from the payment gateway).

I have had a similar problem in the past with IE and sessions, but this was tracked down to the development test area having an underscore in the hostname (such as test_site.internal) which causes IE not to save cookies correctly.

You might also want to try Charles Proxy to watch the flow of data between Internet Explorer and the server(s) to see if you can see at what point the data you need stops being passed.

Answer 2

I've done this kind of thing with Sage Pay before. Here is what I did, it might help:

1. Register the transaction
2. Save the current session Id to database (eg. inside the temporarily stored transaction)
3. Send the user off to sage pay to do the payment
4. Sage pay notifies you and you can load up the temp transaction
5. Pass the session id as a query string parameter for your redirect url
6. On the redirect (completion page) check if there is a session id var in the request and if there is, then call session_id($theIdYouGotFromQueryString) before calling session_start()

p.s yes i know it doesn't directly answer your question. But maybe doing it this way will help?

Answer 3

Can you please confirm , other than sorting session in the db /file we don't have any solution for this?.What will be really causing of this session problem/.

Answer 4

It sounds like a P3P problem. See this: http://support.microsoft.com/kb/323752/en-us for IE6 and later browsers.