In IE my session cookies are mysteriously deleted.

[raglan22]

I'm pulling my hair out here...

Here's my problem. I'm about halfway done with my site (It's a site to sell stuff and I'm working on the shopping cart) when I noticed a big problem. I've got session cookies working in every browser (FF, chrome, safari) except Internet Explorer. For some reason IE likes to delete my session cookies so there's nothing there after I click 'view shopping cart'. I've verified that the session is set but then it gets deleted. Now I am using IFrames and I searched for possible causes and tried changing headers, making sure there's no underscores, etc... No joy

 

The problem is that getting the problem to show up would require a lot of copying code onto this page since it's like 4 or 5 pages to get something into the cart and then view the cart itself. What do you folks recommend? Should I just link to the site itself?

[AyKay47]

this might be of interest to you..

 

Final Solution

 

The timezone issue did give me a hint to check the time on my client and server. My client is a Windows laptop which had the correct time and timezone thanks to being synchronized with the NTP protocol. My server on the other hand was out of sync.

 

The timezone was correct, but the UTC time was set to my local time instead. As a result, the server was actually six hours in the past as far as the client was concerned. A timeout of one hour would have expired in the past for an IE instance running on my client. No wonder IE was rejecting my sessions.

 

I ran ntpdate to fix my time and then reset my timezone using tzselect.

 

# ntpdate pool.ntp.org

# tzselect

 

I then refreshed IE which immediately started accepting the sessions. All aspects of my application started working correctly. So much for so little.

 

Moral of the story, use NTP to ensure that your machines have their time set correctly.

 

from http://genotrance.wordpress.com/2006/11/23/session-cookies-rejected-by-internet-explorer/

[raglan22]

lemme double check that...

[raglan22]

Nope that's not it.

Any other suggestions?

[ManiacDan]

How many cookies does your browser have for your site?  Any more than a dozen and you'll get unexpected results.

[raglan22]

I only have

 

      $ProductNumber=$_SESSION['ProductNumber'];

      $ProductName=$_SESSION['ProductName'];

      $Size=$_SESSION['Size'];

      $Color=$_SESSION['Color'];

      $Price=$_SESSION['Price'];

      $Quantity=$_SESSION['Quantity'];

 

I'm not using any other cookies other than session cookies.

[ManiacDan]

None of those are cookies.  To check your cookies, view the cookies for the current site using your browser's options menu, or a firefox plugin like View Cookies.  Based on what you've said, I'm assuming cookies aren't the problem.

 

Is session_start being called on EVERY page?

[raglan22]

I am new to this so forgive me for silly questions but aren't sessions a type of cookies?

When I look for cookies in firefox it shows "PHPSESSID" as the cookie and a string of random looking characters as the data.

 

 

Anyway the answer to your second question is no. I'm not doing a session_start on every page - Only on the pages actually handling session data. Do I need to put a session start on every page even if that's the only PHP executed on the page?

 

[raglan22]

Also - and perhaps I should have asked this first but it's not really a coding question - Has anyone here had experience with getting a credit card processing service to work with a shopping cart they've written as opposed to a professional one they've paid for? I'm starting to wonder if maybe using an open source shopping cart would be better than this...

Thoughts?

[ManiacDan]

Ok, a couple things:

1)  Sessions are tracked via a cookie but they're not a type of cookie.  The PHPSESSID cookie (which is random) is used as the key to the user's current session.

 

2)  You only need session_start if that page will use the session, so don't add it to every page on the site, just every page that uses sessions.

 

3)  If there's only one cookie, these are the ways that cookie can be dropped:

A)  timezone/timestamp issues, see aykay above

B)  You are calling a session function somewhere that you shouldn't be

C)  The session cookie isn't being set for the right domain.

D)  your IE settings are wrong or otherwise broken.

 

4)  If you're just learning, you shouldn't be accepting credit card numbers.  Paypal or google checkout is the way to go.

 

Since this is an IE-only issue, it's probably nothing to do with your code.  Check your IE security settings and whatnot.

[raglan22]

I figured it might be an IE security settings issue but it's not - I made the site trusted and tried it on multiple computers.

 

As far as accepting credit card #'s I was a little worried at first, but I've got an experienced guy helping check my stuff to make sure it's all good - he's just unavailable right now.

 

Anyway, I'm cutting everything down to bare bones code. Maybe that'll help me find the problem.

[PFMaBiSmAd]

Is the symptom that your session id cookie (when you look in the browser) is being deleted or is the session data in your cart being deleted?

 

Sound's like some invalid html on a page that some browsers ignore the errors in but IE doesn't or redirects taking place or not in different browsers or a race condition in your php code (no exit; after a redirect) that doesn't show up in some browsers or browsers that request pages twice (I.E does this having something to do with the favicon file.)

 

Posting a sub-set of your code (less database username/password credentials) that reproduces the problem would be the quickest way for anyone here to help.

[raglan22]

One of my problems is that it's only happening in internet explorer and I can't error check very easily - I don't know how to tell whether the whole cookie has been deleted or just the data inside.

 

But yeah I'm going to simplify it all down and then post the code.

It might take me a while