During development i noticed that whenever i try to login in my website with SimpleAuth, my sessions got killed whenever i put www in front of my url. This only happens in Internet Explorer.
As a test, set the session expiration in your config to zero. If that solves the problem, you have a timezone issue. Make sure your server is set to the correct time and timezone. Make sure Fuel is configured for that same timezone. And check if you PC's time and timezone settings are correct.
We're still talking about page requests from the same hostname, right? And we're talking about a valid hostname, not 'localhost' or some other non-RFC compliant name?
Does IE have tools to check the request and response headers, so you can see if the cookie is send, and if so, what it's expiry is and what the payload is? And see if it is send back to the server on the next request?
I find it still very odd that this is an IE issue only, and then only when you use a specific hostname...
Its all on the same valid host that's running online.
I've been testing a the last few days. And it looks like its only a problem on my developers machine with IE 10.
I have been looking at the developers tool in IE and it looks like my cookies expire 1 hour earlier then i say they could, this also happens in chrome. So i probably didn't configure my timezone correct (i hope).
Did i configure fuel correctly when i set the 'default_timezone' in config.php to 'Europe/Amsterdam' and the server's timezone is also running in 'Europe/Amsterdam'?
The strange thing is however that the following steps are working:
It doesn't really matter what your server timezone is, as long as the time set matches the timezone. So if your server is set to "Europe/Amsterdam", it's time must be set to local time. And in all cases the Fuel configured timezone must match the server timezone, and the configured gmt_offset must be zero.
The same is true for your PC. If it is set to local time (usually the case for PC's), then the timezone must be set to you local timezone.
The problem with time and timezone's is that cookie timestamps are in GMT. So on the server the timestamp must be converted from local time to GMT, and on your PC the browser will convert it back from GMT to (your) local time. If the timezones are off, this calculation goes wrong.
But this is not IE10 specific, all browsers work this way, so if it is only an IE10 issue, I don't expect it to be a timezone issue. And anyway, setting the session expiration to 0 will give the session a two year timeout, and you wrote earlier that in that case you still have the issue.
What exactly do you mean by "will fail"? The login itself fails? The page you get after you have logged in doesn't contain the session cookie? The session cookie is there, but is not send back on the next page request? The cookie is send back on the next request, but discarded by the application?
With "will fail" i mean that the Auth:check() returns false after the next page has loaded.
If i set a cookie right before i redirect to the next page, it can retrieve it on the next page.
But if i set a Session::set_flash, i cannot retrieve it on the next page with Session::get_flash.
If i read the developers tools in IE 10 correctly, i can see that when i login with http://www.someurl.com/login it will send 2 fuelcid cookies, and retrieve 1.
The issue with the two cookies has been fixed some time ago. Which version are you using?
Both cookies should contain the same session key, so that can't be the issue. Unless... The only possible issue with this that I can think of is that you use cookie based sessions, only one of the cookies contains your session variables, and IE picks the wrong one.