1

This is my first question here(forgive me if i've done anything stupid).I really like this forum and been a regular visitor.

Well,I have a login script on iis server and it works without any issues on Chrome,Mozilla,opera but not on Safari and IE (below are the lines of code from the same) :

site/login/login.php

session_start();
$_SESSION['signed_in'] = true; //i checked $_SESSION['signed_in'] here and it is "1".
session_write_close(); 
header("Location: ../dashboard.php");exit;

site/dashboard.php

session_start();
if($_SESSION['signed_in'] != true)
{
// well $_SESSION['signed_in'] is empty :-( and goes back to index.
header("Location: index.php");exit; 
}

EDIT :

Hi, i just found IE and Safari's are not allowing cookies (it says cookies blocked) when i changed the settings and allowed cookies it worked in both the browser, but it is not a proper solution because it wont make any sense if i need to ask all the visitors to allow cookies on their browsers. Please help :-(

Diwakar Mishra
  • 7
  • 1
  • 10
  • Refer this Site.. think so it will help you out.. [Click Here!!](http://blogs.iis.net/bills/archive/2006/09/19/How-to-install-PHP-on-IIS7-_2800_RC1_2900_.aspx) – coolprarun Aug 07 '13 at 06:00
  • Thanks, but the page says Bad Request (twice).The link contains tags when i removed it took me to a page which says "Sign In to the IIS Community".I've already serched there forum for help but couldn't find any :-( – Diwakar Mishra Aug 07 '13 at 06:04
  • have you checked error in Error COnsole? –  Aug 07 '13 at 06:09
  • Thanks komal, I checked both firebug and web developer toolbar.but there are no errors or warnings (and it works on MOzilla,opera and chrome). – Diwakar Mishra Aug 07 '13 at 06:18
  • Check the serverlogs for errors. – DAG Aug 07 '13 at 06:31
  • Thanks Christian, i'm not sure, do you want me to check the Event Viewer? – Diwakar Mishra Aug 07 '13 at 06:36

1 Answers1

0

Had the same problem on a website. IE and Safari possible detect your cookies as third-party cookies. You have to fix that or add an P3P privacy policy.

You will find different examples for such a P3P if you google for it. It is just a short line to set in header(). You have just to adapt it to your needs.

http://www.w3.org/P3P/

EDIT: maybe you can solve the problem with restructuring your code:

login.html

<form action="dashboard.php" method="post">
<input ...>
</form>

dashboard.php

<?php 
required_once('login_validation.php');
if($_SESSION['signed_in'] != true)
{
  header("Location: index.php");exit; 
}
//do stuff to show normal dashboard

login_validation.php

$valdiate=//validation stuff
if ($valdiate) {
  session_start();
  $_SESSION['signed_in'] = true;
  session_write_close(); 
}
Patrick Brösamle
  • 354
  • 2
  • 12
  • Thanks a ton Patrick, I added this (header('P3P: CP="NOI ADM DEV PSAi NAV OUR STP IND DEM"');) at the start of my login.php file and it worked. – Diwakar Mishra Aug 07 '13 at 09:12
  • Its still not working on safari,only works if i allow cookies :-( please help. – Diwakar Mishra Aug 07 '13 at 09:34
  • Mmh Safari is much more restrictive than IE (surprising). In the new versions Safari does not except any third party cookies as far as i know. I am unable to test myself with Safari. You have to solve the problem that your cookie is recognized as third party! Do you run your scripts in an iframe? If you are able to don't run it in an iframe the problem should be solved also in IE – Patrick Brösamle Aug 07 '13 at 09:45
  • well i'm not using iframe just simple php files... i dont understand why does safari treats them as third party cookies, they're simple php sessions? – Diwakar Mishra Aug 07 '13 at 10:09
  • Sorry then i can't help you. You have to discover why there happens such a behaviour. Check your server settings and the skripts around. Maybe this thread can help you http://stackoverflow.com/questions/1144894/safari-doesnt-set-cookie-but-ie-ff-does It is maybe because of the fact that you first set the cookie and then redirect to another side by modifying the header. Maybe that causes the interpretation as third-party. – Patrick Brösamle Aug 07 '13 at 10:24
  • I will do that, seems it has something to do with the server (iis). could you suggest anything on this,i mean what setting should i check on the server. – Diwakar Mishra Aug 07 '13 at 10:40
  • oh i am not familiar with iis. But i think you can solve the problem if you use another solution than header(Location:...) Check the manual for this fact http://www.php.net/manual/en/function.header.php There is also a note: Session ID is not passed with Location header even if session.use_trans_sid is enabled. It must by passed manually using SID constant. – Patrick Brösamle Aug 07 '13 at 10:49