session information at *some* clients lost
am 26.11.2005 00:54:41 von nico
Hi,
It seems I have a nasty problem. My website uses SSL and sessions.
Authentication works fine, based on code like:
session_cache_expire($this->sessionValidity);
session_start();
if (isset($_SESSION["id"]))
{
$this->sessionId = $_SESSION["id"];
}
else
{
$_SESSION["id"] = session_id();
$this->sessionId = session_id();
}
session_write_close();
However, for some strange reason, there are a few users who have
troubles with lost session info. It means that a PHP cookie is stored
on their PC, the information is returned to the webserver, but it
doesn't match the original created session ID. The result; these users
can never even login. We have tested with disabled firewalls and virus
scanners (client side), but no effect. We have tested with sending a
session ID via setcookie(), but again the session is not preserved in
this specific situations.
Server side we use PHP 4.3, client side the users have MS IE 6.0 SP2 or
FireFox 1.0.7.
Does anyone has an idea how to solve this ?
Nico
Re: session information at *some* clients lost
am 11.01.2006 21:34:37 von Jim Michaels
you *might* be able to try this:
ini_set(session.use_cookies="0");
before your session_start() and see if this clears things up. PHP might
give you an error though.
If I am correct, this setting affects ALL PHP users. the value is normally
"1". Be sure to set it back if things don't work out.
Jim
"Nico" wrote in message
news:1132962880.983151.217130@g47g2000cwa.googlegroups.com.. .
> Hi,
>
> It seems I have a nasty problem. My website uses SSL and sessions.
> Authentication works fine, based on code like:
>
> session_cache_expire($this->sessionValidity);
> session_start();
> if (isset($_SESSION["id"]))
> {
> $this->sessionId = $_SESSION["id"];
> }
> else
> {
> $_SESSION["id"] = session_id();
> $this->sessionId = session_id();
> }
> session_write_close();
>
> However, for some strange reason, there are a few users who have
> troubles with lost session info. It means that a PHP cookie is stored
> on their PC, the information is returned to the webserver, but it
> doesn't match the original created session ID. The result; these users
> can never even login. We have tested with disabled firewalls and virus
> scanners (client side), but no effect. We have tested with sending a
> session ID via setcookie(), but again the session is not preserved in
> this specific situations.
>
> Server side we use PHP 4.3, client side the users have MS IE 6.0 SP2 or
> FireFox 1.0.7.
>
> Does anyone has an idea how to solve this ?
>
> Nico
>