2
session_start();
//If user was logged in then returns true,
//if user was NOT logged in then it returns false;
//except on ie8 this returns ALWAYS false, and never true
var_dump($this->user->is_logged_in());

$_POST['username'] = 'test';//username = test
$_POST['password'] = 'test';//pass     = test
var_dump($this->user->login());//bool //true/
var_dump($this->user->is_logged_in());//bool true
die();

This is what I have on my script to debug my script and find out where the problem is... The problem is that on "ie8 only" The sessions do not seem to stay and always keep deleting on every request.

I should also mention b4 this code there is ob_start()

This is driving me mad :( help anyone? if more info needed I will add them.

Val
  • 17,336
  • 23
  • 95
  • 144
  • Could this be related? http://stackoverflow.com/questions/794243/internet-explorer-ignores-cookies-on-some-domains-cannot-read-or-set-cookies Also, is this only in IE **8**, or does this happen in other versions as well? – Piskvor left the building May 23 '11 at 12:15
  • ie8 ONLY, I checked on ie6,ie7,ie9 all good,ff 3.6 +, and chrome it works fine except ie8 has a mind of its own – Val May 23 '11 at 12:30
  • just read your link above do they mean `$_SESSION['_bla_bla'] = 'Hello';` are not allowed on ie8 ?because of the underscore ? – Val May 23 '11 at 12:33
  • @Val: No, this means that if you had e.g. `http://test_domain.example.com/yourscript.php`, then underscore **in the domain name** would lead to cookies not saved (and thus sessions not saved). That, however, happens in every IE, at least from version 6 and up. – Piskvor left the building May 23 '11 at 12:38
  • oh ok then in that case thats not the issue, domain name is something like this. "www.domain.name.sch.uk" – Val May 23 '11 at 12:41
  • @Val:`.sch.uk`? Interesting, first time I've seen that (but apparently a legit 2nd-level domain). Could you try to reproduce this with a different domain name? IIRC there were some specific rules for `.co.uk`, possibly that might have broken something... – Piskvor left the building May 23 '11 at 12:44
  • sch.uk is legit is short for school, only goverment is allowed to issue this domain names to the uk schools – Val May 23 '11 at 12:46
  • @Val: Yes, I noted that. What I meant is that since `.uk` has this special two-level top domain system, there are various quirks concerning this in browsers. I wanted to suggest that you test the code on another domain and see if you can observe the same problem. – Piskvor left the building May 23 '11 at 12:50

1 Answers1

1

Some things to check:

Are you sending a proper P3P header on your responses?

IE seems to have a problem with cookies on Internet Zone sites if you're not sending P3P headers. You should send something like this with each response:

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"

See here also: http://msdn.microsoft.com/en-us/library/ms537343(v=VS.85).aspx

Does it work with another compatibility mode?

I've had cookie issues with IE8 unless its X-UA-Compatible header is set to IE=EmulateIE7, but your mileage may vary.

Jonathan
  • 7,536
  • 4
  • 30
  • 44
  • P3P? first time I have heard so probably no I am not, it works on ie6, ie7 which Is more likely to mess up – Val May 23 '11 at 12:29
  • besides thats ie6 the link you put up, my problem is on ie 8 lol – Val May 23 '11 at 12:36
  • @Val: P3P was introduced in IE6, it was never taken *out*, so it is in IE7, IE8, IE9, and probably in IE10 too. – Piskvor left the building May 23 '11 at 12:39
  • If I turn off protection mode it does work... on tools,option,privacy – Val May 23 '11 at 12:52
  • I found that as well, Val, that with protection turned off in Privacy it worked whether the header was there or not, but if protection is turned on (as it is by default) then it would not work without the header. This was in IE8. – Jonathan May 23 '11 at 15:29
  • Well I am not using the sessions on the main site just the cms side of it... ie sucks I wasted a whole day on this and trying to figure away around it... – Val May 23 '11 at 15:30