Hello all,

I am writing an app using PHP that sets two cookies - a username and
password cookie to control a user's session. These cookies are set
every time a page is loaded and expire after a period of time (half an
hour at the moment). Some pages that are displayed contain sensitive
information so these pages have REFRESH tags set so that the page
expires 10 seconds after the cookie expires.

Well, the whole thing works swimmingly on Netscape and Moz but doesn't
work under IE. I'm talking about v5 and upwards. The cookies get set
just fine and the whole app works swimmingly but when the page expires,
IE simply reloads it! I watch IE and I see the refresh taking place and
the page's content gets reloaded instead of the login prompt.

I've checked the cookie dates and they are set to the correct time and
in GMT. The PC is also set to the correct time. I've tried using
setcookie() and header() to set the cookies but it seems to make no
difference.

Does IE handle cookie expiry differently? Am I missing something?

I've enclosed my login code for your reference.

FYI, all the data is stored in a MySQL database. I connect to the
database and fetch the user's details from a table in it. Then I match
the username and the crypted passwd against the cookie. If it works,
then the cookies are set and I also fudge setting the variables so I
don't have to force a refresh of the page.

$login = $HTTP_POST_VARS["login"];

// Set up some cookie variables
// GMT date for the expiry
$date = gmdate("l, d-M-Y H:i:s", (time() + $cookie_lifetime));
$curr_time = gmdate("l, d-M-Y H:i:s", time());

// Secure tag if it's a secure cookie
if ( $cookie_secure )
{
    $secure_tag = "secure";
} else {
    $secure_tag = "";
}

debugMessage("login: " . $login, 1);

if ( ! $login )
{
    // No login button. This means we're logging in for the first time or
    // are already logged in. Either way, we determine this using the cookies
    $username = $HTTP_COOKIE_VARS[$username_cookie];
    $password = $HTTP_COOKIE_VARS[$password_cookie];
    $cookie_set = "login: $login username: $username";
    debugMessage("Cookies: username: " . $username . " password: " . $password, 1);
    if ( validateLogin($username, $password) )
    {
        // Re-set the cookie. By doing this we're re-setting the expiry.
        // Second argument false: add this Set-Cookie header instead of
        // replacing the previous one.
        header("Set-Cookie: ${username_cookie}=$username; expires=$date GMT; path=$cookie_path; domain=$cookie_host; $secure_tag", false);
        header("Set-Cookie: ${password_cookie}=$password; expires=$date GMT; path=$cookie_path; domain=$cookie_host; $secure_tag", false);
        // setcookie($username_cookie, $username, time() + $cookie_lifetime, $cookie_path, $cookie_host, $cookie_secure);
        // setcookie($password_cookie, $password, time() + $cookie_lifetime, $cookie_path, $cookie_host, $cookie_secure);
        $HTTP_COOKIE_VARS[$username_cookie] = $username;
        $HTTP_COOKIE_VARS[$password_cookie] = $password;
    } else {
        displayLoginPage();
    }
} else {
    // If we have pressed the login button, then the username and password
    // are in the POST_VARS. We extract them and encrypt the password
    // before validating.
    $username = $HTTP_POST_VARS["username"];
    $password = $HTTP_POST_VARS["password"];
    // this is for debugging
    $cookie_set = "login: $login username: $username";
    $password = encryptPassword($password);
    debugMessage("username: " . $username . " password: " . $password, 1);
    if ( validateLogin($username, $password) )
    {
        // Second argument false: add this Set-Cookie header instead of
        // replacing the previous one.
        header("Set-Cookie: ${username_cookie}=$username; expires=$date GMT; path=$cookie_path; domain=$cookie_host; $secure_tag", false);
        header("Set-Cookie: ${password_cookie}=$password; expires=$date GMT; path=$cookie_path; domain=$cookie_host; $secure_tag", false);
        // setcookie($username_cookie, $username, time() + $cookie_lifetime, $cookie_path, $cookie_host, $cookie_secure);
        // setcookie($password_cookie, $password, time() + $cookie_lifetime, $cookie_path, $cookie_host, $cookie_secure);
        $HTTP_COOKIE_VARS[$username_cookie] = $username;
        $HTTP_COOKIE_VARS[$password_cookie] = $password;
    } else {
?>
<center><b>Login Incorrect</b></center><hr>
<?php
        displayLoginPage();
    }
}

--
Mark Ferraretto Phone: +61 8 8396 2448
Ferraretto IT Services Fax: +61 8 8396 7176
26 Observation Drive Mobile: +61 407 959 719
Highbury SA 5089 Email: [EMAIL PROTECTED]
Australia ICQ: 64748102
--
PHP General Mailing List (http://www.php.net/)
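
Added example, not part of the original post: the scheme above depends on the browser discarding the cookies at the expires time, so this sketch keeps the expiry inside a signed cookie value and checks it on the server on every request. The function names, the key and the sample username are hypothetical; the half-hour lifetime is the one the post mentions.

```php
<?php
// Added example (not the poster's code). All names and the key are hypothetical.

const SESSION_LIFETIME = 1800; // half an hour, as in the post

// Build "base64(username)|expiry|mac". No password goes into the cookie.
function issueToken(string $username, string $key, int $now): string
{
    $payload = base64_encode($username) . '|' . ($now + SESSION_LIFETIME);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the username if the token is authentic and unexpired, else null.
function verifyToken(string $token, string $key, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;                       // malformed cookie value
    }
    [$user64, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user64 . '|' . $expiry, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // forged or altered cookie
    }
    if (!ctype_digit($expiry) || (int)$expiry <= $now) {
        return null;                       // expired: decided here, not by the browser
    }
    $user = base64_decode($user64, true);
    return $user === false ? null : $user;
}

// Constructed demonstration values.
$key   = 'constructed-demo-key-load-a-real-one-from-config';
$t0    = 1000000000;
$token = issueToken('alice', $key, $t0);

// Presented one minute after issue.
var_dump(verifyToken($token, $key, $t0 + 60));
// Same cookie presented after the lifetime, as a browser that kept it would.
var_dump(verifyToken($token, $key, $t0 + SESSION_LIFETIME + 1));
// Expiry field edited by the client to extend the session.
$tampered = str_replace((string)($t0 + SESSION_LIFETIME), (string)($t0 + 999999), $token);
var_dump(verifyToken($tampered, $key, $t0 + SESSION_LIFETIME + 1));
```

In a page, the token would be the value passed to setcookie(), and a null result from verifyToken() would lead to the login page whatever the browser did with the cookie's own expiry.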