Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Feb 2008
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Internet Explorer 6+7 rejecting some cookies

    Hey all,

    I have a custom session class which generates a random session ID string, and stores it as a cookie:

    PHP Code:
    setcookie('id'serialize($randomKey), strtotime('2 weeks'), '/'); 
    This works for the majority of users, however there are a few cases where Internet Explorer will reject this cookie consistently.

    This only affects some users - 95% of IE6 and IE7 users accept this cookie - its only a few random people where the browser rejects the cookie.

    I initially thought these users has cookies turned off, but I setup a 'cookie test' page which simply sets a basic cookie, forwards to another page, then checks if the cookie is there - and it is!
    So it seems the browsers reject the session cookie, but will accept other cookies.

    Setting the privacy slider in Internet Options down to 'Accept All Cookies' seems to solve this problem. However it is hard to me to debug, as I cannot replicate the bug myself.

    I have tried;
    • setting the P3P policy
    • setting the domain name in the setcookie() function (as '.domainname.com')
    • making sure the server is in the correct timezone


    Any more ideas?

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Posts
    905
    Thanks
    23
    Thanked 5 Times in 5 Posts
    I have a similar problem and I've not yet got a fix.. I do have an alternative solution though, store your session data in a database of somekind, either mysql or sqllite or even just in a flat file directory

  • #3
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,049
    Thanks
    2
    Thanked 317 Times in 309 Posts
    Could you give an example of what $randomKey contains so someone could duplicate the problem.

    The cookie value is serialized by php when it is sent to the browser. There is no need for you to explicitly do so if $randomKey is just a single value.

    Does this work using other browsers?

    Any chance you have other program/GET/POST/SESSION variables with the name "id" and register globals are on?

    Are you doing any url rewriting - host/subdomain or path redirecting?

    Are you switching between http and https protocols?

    Basically, you need to provide as much information as possible.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #4
    New to the CF scene
    Join Date
    Feb 2008
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a similar problem and I've not yet got a fix.. I do have an alternative solution though, store your session data in a database of somekind, either mysql or sqllite or even just in a flat file directory
    I already store everything in a database - all this code is my own custom class, I'm not using session_start or any of those functions

    Could you give an example of what $randomKey contains so someone could duplicate the problem.
    Sure, here is a response header for a successful cookie set:

    Set-Cookie: fvid_id=s%3A45%3A%2246c971a9f585f859d9af9374d6700d6247ba07765ece8%22%3B; expires=Mon, 18-Aug-2008 23:32:22 GMT; path=/; domain=.xxx.com

    The cookie value is serialized by php when it is sent to the browser. There is no need for you to explicitly do so if $randomKey is just a single value.
    I have my own 'setCookie' function, which serializes all values I give to it. This makes it really quick and painless to store all data, including arrays, in cookies.
    I also use my own 'getCookie' function which unserializes the data.

    Do you think serializing the data could be the reason some browsers reject the cookie?

    Does this work using other browsers?
    Yes, I've never had a firefox user complain of this bug. I've never been able to replicate it myself using IE6 or IE7 either. It just seems to be very few select random people.
    Heres the user agents of some people reporting the problem:
    • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
    • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.2)
    • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1)
    • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
    • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)

    Any chance you have other program/GET/POST/SESSION variables with the name "id" and register globals are on?
    Nope. Like I said it works for most people, so I'm pretty sure its browser or PC settings affecting this, and not so much a coding problem. I could be wrong though

    Are you doing any url rewriting - host/subdomain or path redirecting?
    Yes. There are no subdomains, however all requests are filtered through the index.php file by htaccess. This serves out everything. Eg:

    RewriteRule .* /index.php [L]

    Are you switching between http and https protocols?
    Nope, there is no https involved.


    Thanks for your responses guys!

  • #5
    New to the CF scene
    Join Date
    Aug 2008
    Location
    NC, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Anyone found a solution to this issue?

    I have run into this same problem. Session Cookies work in Firefox and IE7 on XP and even IE7 on Vista (for me), but I have a client whose browser won't save the session cookies at all.

    These two User Agents worked (mine):
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)

    This one didn't work (client's):
    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 3.5.21022)

    Went through all of the settings with the client over the phone checking that their IE7 Vista settings were the same as mine, and they were.

    It seems like the Media Center PC 5.0 part could be the culprit, not sure though.

    I hope someone helps us out here!

    Thanks,

    Kit


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •