I'm having trouble with an old pre-mobile website which uses PHP, MySQL, cookies and HTML forms to log users in, and then track their session (it's a calendar app and messageboard). When my iPhone is attached to my wifi network at home, all is well, but when I switch to 3G the cookies no longer function and the session is dropped.

I read another thread: http://stackoverflow.com/questions/3282373/web-site-exhibits-javascript-error-on-ipad-iphone-under-3g-but-not-under-wifi in which the poster was experiencing a JavaScript issue on 3G but not on WiFi, and the suggestion was that the cellular carrier (O2 in his case, Orange UK in my case) itself was messing with the HTTP data going across 3G, but not WiFi. The fix was to use more JavaScript to prevent inlining of includes.

Does anyone think that my cookie and session problems are possibly caused by a similar issue, and if not, can anyone think of an alternative explanation and ideally a fix?

A: 

I'm guessing your 3G provider is proxying your HTTP somehow. It's common for some (in my opinion, crappier) ISPs to do this. That would be an explanation of why it is behaving differently to the same browser on another connection.

Lots of people will access your site over a proxy such as Squid. You need to fix this so it works or you might inadvertently block access to some people.

My guess is that your code may just be setting cookies in a particular way which is forgiven by browsers but not supported by that particular proxy. I'd start troubleshooting by specifying the domain, expiry in different ways (with dot at start of domain and without, with quotes around domain/path and without) and turning on or off Cookie2 features or HTTP-only features.

Is there an HTTP header viewer for the iPhone browser? If not, try tethering it and use something like LiveHTTPheaders in Firefox (keep in mind that if your network can detect tethering it could in theory turn on/off its proxy based on whether you tether).

You'd probably have to post your code or an HTTP transcript (just the headers) for people to diagnose further.

thomasrutter

A: 

Aha - I found out what the problem was. The cookie control on the site in question was actually being run by an installation of phpBB, which uses IP binding as a security measure. This checks off the IP addresses of successive requests within a session and drops it if they don't match. Must be the case that over wifi I have an unchanging IP, while Orange UK must bounce around several IP addresses when I run over 3G. Solved the problem by turning down the IP binding in phpBB (you can ask it to compare the whole address or just the first 2 or 3 bytes instead).

RFairey
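
The IP binding described in the answer above, sketched as an added example (not phpBB's own code and not part of the original post); the function name `session_ip_matches` and the sample addresses are constructed for illustration. It shows why a session created from one carrier gateway address is dropped when a later request arrives from another, and how comparing fewer octets changes the outcome.

```php
<?php
// Added illustration, not phpBB's code. Names here are hypothetical.

/**
 * Return true when the first $octets octets of two IPv4 addresses match.
 * $octets = 4 compares the whole address, 3 or 2 only a prefix,
 * 0 disables the check entirely.
 */
function session_ip_matches(string $sessionIp, string $requestIp, int $octets): bool
{
    if ($octets <= 0) {
        return true; // binding disabled
    }
    // Refuse to compare anything that is not a well-formed IPv4 address.
    foreach ([$sessionIp, $requestIp] as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            return false;
        }
    }
    $octets = min($octets, 4);
    $a = array_slice(explode('.', $sessionIp), 0, $octets);
    $b = array_slice(explode('.', $requestIp), 0, $octets);
    return $a === $b;
}

// Constructed sample: the address the session was created from, followed by
// later requests in the same session that arrive from different addresses.
$sessionIp = '198.51.100.17';
$requests  = ['198.51.100.17', '198.51.100.203', '198.51.7.44', '203.0.113.9'];

foreach ([4, 3, 2] as $octets) {
    foreach ($requests as $ip) {
        $kept = session_ip_matches($sessionIp, $ip, $octets);
        printf("octets=%d  %-15s %s\n", $octets, $ip,
            $kept ? 'session kept' : 'session dropped');
    }
}
```

Comparing fewer octets keeps sessions alive across address changes within the same range, but it also means a stolen session cookie is accepted from any client in that wider range, so the setting is a trade-off between availability for mobile users and resistance to session hijacking.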