Session variables not getting set but only in Internet Explorer and not on all machines

Question

Logging into a site I'm working on functions as expected on my local machine but fails on the remote server but ONLY in Internet Explorer. The kicker is that it works in IE locally, just not on the remote machine.

What in the world could cause this? I have stepped through the code on the remote machine and can see the entered login values being checked in the database, they are found and then a login function is called. This sets two $_SESSION variables and redirects to the main admin page. However, in IE only (and not when run on local machine... this is key) the $_SESSION variables are not present by the time you get to the main admin page. var_dump($_SESSION) gives me what I expect on every browser when I am running this in my local environment and in every browser except IE 6, 7 and 8 when run on the remote server (where I get a null value as if nothing has been set for $_SESSION).

This really has me stumped so any advice is appreciated.

For an example... in IE, run locally, var_dump gives me:

array
'Username' => string 'theusername' length=11
'UserID'   => string 'somevalue' length=9

Run on the remote server (IE only... works fine in other browsers) var_dump gives me:

array(0){}

Code (a minimal example... though really a code example isn't needed with this issue):

$User = GetUser($Username, $Password);
    if ($User->UserID <> "") { // this works so we call Login()...
        Login($User); // this also works and gives expected results. on to redirect...
        header("Location: index.php"); // a var_dump at index.php shows that there is no session data at all in IE, remotely.
    } else {
        header("Location: login.php");
    }


function Login($data) {
        $_SESSION['Username'] = $data->Username;
        $_SESSION['UserID'] = $data->UserID;
// a var dump here gives the expected data in every browser
    }

---

EDIT: Solved this. It was the fact that the domain name on the testing server had an underscore in it. No idea why and don't have time to Google for it right now but the underscore, named something like some_client.ourcompany.com, was the problem. Gotta love Internet Explorer... it's like a passive aggressive co-worker that you simply cannot avoid.

Answer 1

Have you checked your cookie/security settings? Maybe some firewall/antivirus software is blocking the session cookie?

Answer 2

Try putting session_start(); at the top of the page you are making the sessions in. and check if you assign the session vars the right way:

$_SESSION['SESSION_NAME'] = 'sessionValue';

Answer 3

Check the value of session.cookie_domain in your php.ini file. If that value is set, make sure it's what you'd expect. That's the biggest thing I can think of which could behave differently locally vs remote.

Also, if you have a value set to session.cookie_lifetime, try commenting that line out in your php.ini. I saw some peculiar behavior with IE when I dropped a value in there.

Here's a quickie session checker. If you reload the page and keep seeing new values for the token, you're not getting a persistent session. Then you can definitely blame the server/PHP config and not your code.

<?php
session_start();
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = sha1(uniqid(rand(), true));
}

if (!empty($_POST)) {
  $_SESSION['hi'] = preg_replace('/[^\w ]+/','',$_POST['hi']);
  header("Location: index.php");
  exit;
}

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"&gt;
<html>
<head>
<title>Session test</title>
</head>
<body>

<h1>How's that session doing?</h1>
<p>Message: <?=htmlspecialchars($_SESSION['hi'])?></p>
<p>Token: <?=htmlspecialchars($_SESSION['token'])?></p>


<form action="index.php" method="post">
<fieldset>
  <label for="hi">What do you have to say?</label>
  <input type="text" name="hi" id="hi">
  <input type="submit" value="Submit">
</fieldset>
</form>

</body>
</html>