tags:

views:

684

answers:

1
+1  Q: 

Problem with cookie expiration set to 0 in IE8

I have found a fairly significant issue with IE8 with regard to setting cookie expirations to 0 (so as to log a user out when they close the browser). It seems that each new tab or window is counted as a new session, so if a user opens a page on the site in a new tab/window, they have to login again unless they selected the option to stay logged in, which makes the cookie persistent and doesn't cause any problems. There has got to be a way to make this work like it should and always has in the past without forcing my users to stay logged in even after they close the browser. If it matters, I am setting the cookies from pHP like this:

setcookie("username",$username,0," ",".example.com");
A: 

the issue could be the space in the path field. this attribute should be unspecified or should be a valid path like /home. try specifying an empty string ('') instead of space.

could also be a caching thing, i.e. the login page may appear to be unauthenticated because the content was cached. session_cache_limiter('nocache') in php would instruct the browser not to cache anything (when using sessions), which is the same as setting:

Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

to omit the path, you can pass '' (empty string) or null to setcookie for that param. or use something like '/' to indicate the entire site.

ie8 windows and tabs share the same session unless the user selects "File -> New Session" or runs iexplore.exe -nomerge explicitly.

jspcal  2009-12-27 02:38:21
It isn't a caching issue. Like I said, IE8 interprets each tab/window as a new session, so only persistent cookies are carried over. It is also quite obvious that caching isn't the problem because I redirect to the login page (with the page that you came from in the URL) and it does that no matter what URL.
James Simpson  2009-12-27 03:08:04
I just ran HTTP Spy and I logged in on one page, and all of the cookies showed correctly. I then opened a link from the page (the link contained a random number in the URL to break cache) and it redirected to the login page. HTTP Spy didn't show any of the login cookies that show in the other tab.
James Simpson  2009-12-27 03:41:13
By the way, it isn't like this is just some issue with my specific settings. I've been getting e-mails from users about it and I have tried it on multiple computers with the same results.
James Simpson  2009-12-27 03:41:53
ie8 windows, tabs, and popups belong to the same session by default, so they're not isolated contexts. as for caching, if caching isn't disabled, ie will cache responses (browsing to /home or /login again might not display the current user for example, but it all depends on how the app is constructed and what the test scenario is). another thing to check would be using http spy to verify the cookie data contains the expected values
jspcal  2009-12-27 05:18:09

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases