Internet Explorer 8 doesn't pass session cookie for ajax request

Question

I have simple php application, it works on all browsers except on IE8 beta 2, problem occurs when I try to update table field using Ajax call (jQuery post method). Using IE8 debugger I figure out that IE8 doesn't send session cookie so php scripts redirects to login page instead of executing requested action.

What can I do to make this work.

Edit: I haven't mention that i was using Code Igniter so i have solved this problem by replacing Code Igniter default session implementation with native one. Code igniter default session implementation uses cookie to store all data.

Answer 1

Yesterday I had similar problem and found the solution. I hope this will help someone else also.

Problem: Suppose there's a website www.somewebsite.com and IFRAME inside it whcih loads php file from my server, www.myserver.com/welcome.php. Website was loading successfully as well as my welcome page and it showed something like "Hello Bob", so it successfully found user and logged him in.

Afterwards my JavaScript was making AJAX calls to another PHP file, and response was kind of in "not authorized" state, so SESSION data was completely missing. After page refresh, everything was working correctly. And this was happening only under IE8!

I thought that problem was with sending session cookies to the server, but when I installed Fiddler, I found that IE8 was sending cookies as well as PHPSESSID correctly, but server was kind of unable to detect correct SESSION object. Another strange thing was that 2nd time server sent following header:

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

but first time no. After adding that header manually in PHP script, everything worked like a charm!

Then, when I googled that "p3p abracadabra", I found following web site:

http://adamyoung.net/IE-Blocking-iFrame-Cookies

Conclusion: Make sure that you're sending the header on every page that sets a cookie.

And this is not only related to IE8 + PHP combination, same problem happens in case of IE8 + ASP.NET, IE8 + JSP, etc.

Answer 2

I don't have IE8 myself, but your cookie might be blocked by Internet Explorer's strange security policies. A possible workaround can be to employ P3P (which is also the method for getting cookies working inside an IFRAME).

Generating the right P3P policy can be a bit of work, but you should be able to find the information you need at http://www.p3ptoolbox.org/