tags:

views:

139

answers:

2
Q: 

php session id and ajax, javascript

It has come to my attention that my website is not working correctly under many versions of Internet Explorer. After looking around everywhere, I did a "cookie" test (http://www.rgagnon.com/jsdetails/js-0092.html), and realized that cookies are not working when I use any version of IE, but works fine with Chrome, Firefox, Safari ...

It seems that when cookies are not working, then my session variables keep disappearing. I use php session. Isn't PHP supposed to deal with that problem automatically?

I do use some javascript window.location, and some ajax calls (phplivex). Could it be because of that? Does it not append the phpsessionid at the end of all urls no matter what?

+1  A: 

Could it be the timezone issue? See Session cookies rejected by Internet Explorer.

Final Solution

The timezone issue did give me a hint to check the time on my client and server. My client is a Windows laptop which had the correct time and timezone thanks to being synchronized with the NTP protocol. My server on the other hand was out of sync.

The timezone was correct, but the UTC time was set to my local time instead. As a result, the server was actually six hours in the past as far as the client was concerned. A timeout of one hour would have expired in the past for an IE instance running on my client. No wonder IE was rejecting my sessions.

I ran ntpdate to fix my time and then reset my timezone using tzselect.

# ntpdate pool.ntp.org
# tzselect

I then refreshed IE which immediately started accepting the sessions. All aspects of my application started working correctly. So much for so little.

Moral of the story, use NTP to ensure that your machines have their time set correctly.

So basically make sure the UTC time is correct on your server and for good measure explicitly set the PHP timezone (you'll get a warning under E_STRICT if you don't anyway).

cletus  2009-11-17 00:47:31
Nope. I've just set IE to "accept all cookies" and it now works. So I am now convinced that my application cannot handle access with cookies disabled.
nute  2009-11-17 00:49:41
A: 

nute are you sure this not have to do with your particular IE install. have you tried on different machine ?

As a whole workaround you can to use use_trans_sid, it would make the session id passed by URL instead of cookie. WARNING use_trans_sid can create big security problems so I think you have better to investigate where the problem come from and if you really don't find any solution use this.

RageZ  2009-11-17 01:16:19
Yeah after many tests now, I am convinced that it simply comes down to having cookies enabled or not. Would you recommend then that I tell my users that they need to accept cookies if they want to use our site, instead of inserting the session id in the URLs?
nute  2009-11-17 01:41:29
yes I would recommend more an user warning then the `use_trans_sid`, the `use_trans_sid` was kind of a hack to build mobile phone website. Plus since all the session handling in `J2EE`, `ASP.NET`, `PHP` (and all I have forgot) are cookie based, I think an user not accepting cookies would encounter problems not only on your website but on pretty much any website!
RageZ  2009-11-17 02:12:26

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases