[Sessions][IE 5] Auth wrong or something else?

[Masterslave]

Hi all,

I'm working on a web application and I'm almost done for the first version.
I check several browser to see how the application is showing it's html css.
But when I use Internet Explorer 5 I can't login and I don't know why.

Some explanation:
The code if you entered a valid username with password:

PHP Code:

session_start();
if( isset( $_SESSION['login']) || $_SESSION['login'] )
{
    header("Location: index.php?page=home");
}
else
{
   if( $correctLogin )
   {
      $_SESSION['account_id'] =  mysql_result($getUsr, 0, 0); //account id opslaan
      $_SESSION['real_name'] = mysql_result($getUsr, 0, 3); //user opslaan vanuit het formulier in de sessie
      $_SESSION['login'] = true; //als login klopt sessie login aanmaken
            
            $setIsLoggedIn = "
                UPDATE " . ACCOUNT_TABLE . " 
                SET 
                    is_logged_in = '1'
                WHERE account_id='" . $_SESSION['account_id'] . "'";

                mysql_unbuffered_query( $setIsLoggedIn ) or die( mysql_error() );

            header("Location: index.php?page=home");
     }
} 


In every page of the application there's checking a PHP file if your are logged in, if so than you may view the requested page else go to login.php

PHP Code:

<?php
//auth
session_start();
if ( !isset($_SESSION['login']) || !$_SESSION['login'] )
{
    header("Location: login.php");
}
?>

Allright, if I change header("Location: index.php?page=home"); into http://website.com then the header works fine, with index.php?page=home it redirects to login again.
So I think the //auth code isn't working well, this is only with IE5. With FF,IE6+,Opera7+ etc etc it is working well.

Can anybody tell me why IE5 doesn't login to my application?

Thanks in advance.

[aedrin]

My first question would be: Why?

I'm all for supporting different browsers. But a browser without any reasonable marketshare?

(I'm not trying to flame, just curious)

Quote:

So I think the //auth code isn't working well

I think if all major browsers handle it properly, and an older browser does not, I think you're dealing with a bug.

It might not be able to deal with relative forwards as well.

Are you sure it's doing what you think it is doing? Usually when something is acting completely illogical, I like to go back and be 100% sure that what I think is happening, is in fact what is happening.

Using Fiddler, and logging statements (so you can see in a seperate file where the code goes) evaluate what is happening.

It's possible that IE5 doesn't handle the session cookie properly with the location forward call, resulting in it thinking that it is a new session (echo out the session ID into a debug file).

EDIT: Looks like I found a fellow Dutchian

[Masterslave]

Hehe, I knew that somebody will asked that.
Why I'm supporting IE5, I don't now actually.
I'm obsessed that my code is working in many browsers, I don't know I like that. (It's hard to express thit in English for me...but ok).

I thought also it is bug, but I'm not sure, so I posted a tread .
Yes, I'm sure it's doing what I'm thinking it is doing for 99%.

I do that PHPSESSIONID debug thing tomorrow(now I'm getting a beer at the bar).

[Masterslave]

I couldn't test it so far because my IE5 crashes all the time...
I don't know why, anybody any idea to to solve my problem?

[CFMaBiSmAd]

This is not really a bug, but following a standard. From the header() section of the php manual -

Quote:

Note: HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:

PHP Code:

<?php
/* Redirect to a different page in the current directory that was requested */
$host  = $_SERVER['HTTP_HOST'];
$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");
exit;
?>

Only some browsers/versions support relative addresses in a header() redirect.