Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Sessions in IE not working
  • During development i noticed that whenever i try to login in my website with SimpleAuth, my sessions got killed whenever i put www in front of my url. This only happens in Internet Explorer.

    It happens with all my session variables.

    So, http://www.someurl.com doesn't remember the sessions in IE, but http://someurl.com does.
    Setting match_ua to false didn't work.

    Does anybody know a solution?

  • HarroHarro
    Accepted Answer
    They are two different hosts, so it's quite logical that your cookies aren't found. I'm amazed that you say that it does work in some browsers.
  • It actually happens when i start my session with www in front.

    For example: Whenever i set my session at http://www.someurl.com.
    By the time i get to http://www.someurl.com/nextpage the session is gone.

    And when i try to login at http://www.someurl.com/login, the session is killed whenever i redirect.
  • Ah, ok, you loose the session.

    As a test, set the session expiration in your config to zero. If that solves the problem, you have a timezone issue. Make sure your server is set to the correct time and timezone. Make sure Fuel is configured for that same timezone. And check if you PC's time and timezone settings are correct.

    This is the most common cause of session issues.
  • Doesn't seems to be the problem. I'm still loosing the session.
  • We're still talking about page requests from the same hostname, right? And we're talking about a valid hostname, not 'localhost' or some other non-RFC compliant name?

    Does IE have tools to check the request and response headers, so you can see if the cookie is send, and if so, what it's expiry is and what the payload is? And see if it is send back to the server on the next request?

    I find it still very odd that this is an IE issue only, and then only when you use a specific hostname...
  • Its all on the same valid host that's running online.

    I've been testing a the last few days. And it looks like its only a problem on my developers machine with IE 10. 

    I have been looking at the developers tool in IE and it looks like my cookies expire 1 hour earlier then i say they could, this also happens in chrome. So i probably didn't configure my timezone correct (i hope).
    Did i configure fuel correctly when i set the 'default_timezone' in config.php to 'Europe/Amsterdam'  and the server's timezone is also running in 'Europe/Amsterdam'?

    The strange thing is however that the following steps are working: 
    1) clear my cache, cookies, history, etc.
    2) login at http://www.someurl.com/login (success)

    But the folowing steps fail:
    1) clear my cache, cookies, history, etc.
    2) login at http://someurl.com/login (success)
    3) logout at http://someurl.com (success)
    4) login at http://www.someurl.com/login (will fail)

  • It doesn't really matter what your server timezone is, as long as the time set matches the timezone. So if your server is set to "Europe/Amsterdam", it's time must be set to local time. And in all cases the Fuel configured timezone must match the server timezone, and the configured gmt_offset must be zero.

    The same is true for your PC. If it is set to local time (usually the case for PC's), then the timezone must be set to you local timezone.

    The problem with time and timezone's is that cookie timestamps are in GMT. So on the server the timestamp must be converted from local time to GMT, and on your PC the browser will convert it back from GMT to (your) local time. If the timezones are off, this calculation goes wrong.

    But this is not IE10 specific, all browsers work this way, so if it is only an IE10 issue, I don't expect it to be a timezone issue. And anyway, setting the session expiration to 0 will give the session a two year timeout, and you wrote earlier that in that case you still have the issue.

    What exactly do you mean by "will fail"? The login itself fails? The page you get after you have logged in doesn't contain the session cookie? The session cookie is there, but is not send back on the next page request? The cookie is send back on the next request, but discarded by the application?

  • With "will fail" i mean that the Auth:check() returns false after the next page has loaded.

    If i set a cookie right before i redirect to the next page, it can retrieve it on the next page.
    But if i set a Session::set_flash, i cannot retrieve it on the next page with Session::get_flash.

    If i read the developers tools in IE 10 correctly, i can see that when i login with http://www.someurl.com/login it will send 2 fuelcid cookies, and retrieve 1.
    If i login with http://someurl.com/login it will send only 1 fuelcid.

  • The issue with the two cookies has been fixed some time ago. Which version are you using?

    Both cookies should contain the same session key, so that can't be the issue. Unless... The only possible issue with this that I can think of is that you use cookie based sessions, only one of the cookies contains your session variables, and IE picks the wrong one.
  • @Lars
    You try change     'match_ua'            => false, in config/Session.php
    // check for a user agent match after loading the cookie (optional, default = true)

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion