ID: 14636 Comment by: michael at graber dot org Reported By: kannan at tmsassociates dot com Status: Bogus Bug Type: Session related Operating System: windows 2000 professional PHP Version: 4.0.6 New Comment:
Just found an annoying quirk (aka bug) in IE - after applying a security patch, IE no longer sets cookies if the server or domain name contain anything except alphanumerics (ie, no "_" or "-", etc.). The symptom was that every page or refresh of the same page generated a new session, and obviously no variables were passed from page to page. http://support.microsoft.com/default.aspx?scid=kb;EN-US;316112 Previous Comments: ------------------------------------------------------------------------ [2004-02-15 19:15:24] smcbride at msn dot com I have had the same problem on Windows/IIS. I thought it was a coding mistake, but it turns out to be a problem with PHP / IIS. When running php as a cgi exe, it does not set up the session properly the first time. If you run it as an ISAPI extension, it works. I spent a few hours on this one. If your symptoms are that the first time it does not work and then hit the back button in the browser and try again and it works, then it is probably this. I read somewhere that this is actually a IIS issue. ------------------------------------------------------------------------ [2004-01-29 06:53:31] brett dot crosby at australiswebtech dot com dot au Have experienced the same problem where an application works fine on LAMP and not on Win2k. One thing that I did notice (by accident - I turned on debugging to see what was happening) is that if I send some output to the second page prior to the header() command the session variable was registered. I'm then able to shut down the browser and restart without problems. However, if I reboot my machine, I must send the debug output again. Note to self: Perhaps there is a way of sending some data to the browser that will instantiate the session but clear the buffer before sending the 'real' data? ------------------------------------------------------------------------ [2004-01-23 01:53:12] moon_wizard at yahoo dot coom I just ran into the same issue. I set up PHP and Apache on my home Windows machine. I was able to successfully set SESSION variables and recover after a header() call. When I moved the file to my hosting provider, the SESSION variables were lost. I think that my hosting provider might be using IIS. I tried the session_write_close() with no success. John Gregory ------------------------------------------------------------------------ [2004-01-13 15:34:34] mgandalf at seznam dot cz Hi, I just look at your source and php.ini and it was clear to me. Problem is here: "session.cookie_path = c:\temp". It is not path to file but path on web server where is cookie valid. So change it to "session.cookie_path = /" and it will work. When it is for example "/dir_name", cookie is valid just for http://server/dir_name/, but not for http://server/dir_name2/ and in this 2nd case will not be sent. Gandalf ------------------------------------------------------------------------ [2004-01-09 17:47:15] writeto_ben at hotmail dot com I would have liked a simple header redirect as well, but unfortunately the other suggestions didn't solve the issue. However, setting a javascript redirect seemed to do the trick. I'm using Win2k professional, IIS 5.0, PHP Version 4.3.4 This will work on IE browsers. Just modify the javascript for netscape compatibility. <? //...perform login check, produce $errStr if fails if($errStr){ header("Location: login.php?err=".$errStr); }else{ print '<html> <body onload=eval("window.location.href=\'http://blahblahblah/default.php\';");></body> </html>'; } ?> ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14636 -- Edit this bug report at http://bugs.php.net/?id=14636&edit=1
