Curious problem.
Newly developed website, uses 3rd party login system which uses sessions (surprise!). Website works perfectly on all instances, on all browsers except Internet Explorer 11 (and possibly previous versions, unchecked).
Header
does not to do a redirect on every affected page_
in domain name or URL.

a) Each page has a controller file with header information included on it:
header("Cache-Control: no-cache, must-revalidate"); //HTTP 1.1
header("Expires: Thu, 19 Nov 2011 08:52:00 GMT"); // Date in the past
header('Content-Type: text/html; charset=utf-8');
header("X-Clacks-Overhead: GNU Terry Pratchett");
header_remove("X-Powered-By");
header("X-XSS-Protection: 1; mode=block");
header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff");
header("Content-Language: en");
header("Content-Security-Policy: upgrade-insecure-requests;");
header("Referrer-Policy: origin-when-cross-origin"); //referrer for Chrome
header("Referrer-Policy: strict-origin-when-cross-origin");
if (isset($_SERVER['HTTP_USER_AGENT']) &&
    (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
    header('X-UA-Compatible: IE=edge,chrome=1');
}
b) As part of this process; a cookie check is carried out to know if the cookies are enabled on the client browser. This is done across both login/access controlled and public site areas.
if ($_COOKIE['cookieEnabled'] !== "yes") {
    \setcookie('cookieEnabled', "yes", time() + 42000, "/", $_SERVER['HTTP_HOST'], true, true);
}
All it is, is a cookie that says "yes", cookies are enabled, if the cookie is not already set. Simple.
c) Below this; there is controller code to load the session variables and do other stuff for the 3rd party admin side of things.
// Create / Include the Session Object - Session.php
$session = new Session($db);
d) I have set up a testing statement within the Session.php __construct to do this:
session_start();
if ($_COOKIE['cookieEnabled'] !== "yes" && empty($_SESSION)) {
    error_log("INFO: An access attempt without a session or cookie was attempted...");
    if ($_COOKIE['cookieEnabled'] !== "yes") {
        error_log("Cookie does not appear to be enabled");
    }
    die("unimportant debug error");
}
Note that the session array will never be empty as it's prepopulated on previous pages;
e) The [local] PHP.ini is thus:
session.cookie_secure=1
default.charset=utf-8
error_log=/home/domainaccount/error/PHP_error.log
session.save_path=/home/domainaccount/sessionz
session.cookie_domain=domain.org.uk
NOTE: The web path is:
/home/domainaccount/public_html/
The PHP.ini values have been checked with phpinfo() and are set correctly.
I load the website in various browsers and it logs in just fine, all works, session data is carried.
However on IE11 it does not. It simply comes back with a blank screen, no errors, no feedback (aka session data passed back to login page), and no code-based error logs.
Error log shows:
INFO: An access attempt without a session or cookie was attempted...
A whole bunch of times but no indication that the cookie is denied, simply the session.
Unsurprisingly, the login page features a header location redirect for both success and failed login attempts.
IE version number: 11.248.16299.0.
IE cookie settings: first party cookies accepted, third party cookies accepted, always allow session cookies.
1) Why does this occur ONLY for IE?
2) How can I solve this (change my headers, cookie setup, etc.?)
Enable cookies: Scroll down to Cookies, and select Don't block cookies. Internet Explorer: In Internet Explorer, in the menu bar, select Tools > Internet options > Privacy > Advanced. Select Accept or Prompt under First-party Cookies, and Accept or Prompt under Third-party Cookies. Select OK.
In the Internet Explorer cache. Click on the gear icon, then Internet options. In the General tab, underneath “Browsing history”, click on Settings. In the resulting “Website Data” dialog, click on View files.
Click Start in Taskbar and then click Internet Explorer. Double Click IE shortcut from desktop. In Internet Explorer, open 'File' in Menu bar and select New Session. In Internet Explorer, open 'File' in Menu bar and select New Window.
Some versions of IE silently drop cookies if the server time is in the past compared to the client time. Properly setting server/client time may help.
That's horrific -- servers will be far more accurate timekeepers than client browsers. Can you reference this at all?
I came across it once in a description from someone else on GitHub and it fixed my problem.
As a side note, since you explicitly called out no underscores in the domain, are you aware that leading numerals are also invalid URLs according to the RFC and IE also has problems with them?
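A way to test the clock-skew explanation from the server side, as an added example that is not part of the original question or answers: it reports which of the question's two cookies a request carried, and whether a 42000-second `Expires` survives a given client clock offset. The function names, sample requests and timestamp are constructed, and the skew rule assumes the browser compares `Expires` with its own clock, as the answer describes.

```php
<?php
declare(strict_types=1);

// Which of the question's two cookies came back on this request?
// $cookies is the request cookie array ($_COOKIE when run under a web server).
function cookie_state(array $cookies, string $sessionName): string
{
    $marker  = ($cookies['cookieEnabled'] ?? null) === 'yes';
    $session = isset($cookies[$sessionName]);
    if ($marker && $session) {
        return 'both returned';
    }
    if ($session) {
        return 'session only (marker dropped)';
    }
    return $marker ? 'marker only (session dropped)' : 'no cookies returned';
}

// Expires is computed from the server clock. Assumption taken from the answer:
// the browser compares it with its own clock and does not correct for skew.
function survives_skew(int $serverNow, int $lifetime, int $clientNow): bool
{
    return $serverNow + $lifetime > $clientNow;
}

// Constructed sample requests, not captured traffic. PHPSESSID is PHP's
// default session name; a live check would pass session_name() instead.
$requests = [
    'first visit'    => [],
    'marker dropped' => ['PHPSESSID' => 'constructed-id'],
    'normal visit'   => ['PHPSESSID' => 'constructed-id', 'cookieEnabled' => 'yes'],
];
foreach ($requests as $label => $cookies) {
    printf("%-15s %s\n", $label, cookie_state($cookies, 'PHPSESSID'));
}

// The marker cookie lives 42000 s (time() + 42000 in the question).
$serverNow = 1700000000; // constructed timestamp
foreach ([0, 3600, 43200] as $clientAhead) {
    $ok = survives_skew($serverNow, 42000, $serverNow + $clientAhead);
    printf("client ahead by %5d s: marker %s\n", $clientAhead, $ok ? 'kept' : 'expired on arrival');
}
```

Under a web server, `error_log(cookie_state($_COOKIE, session_name()));` placed before the `die()` in Session.php records which cookie the browser actually returned on the failing request.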