I have a problem with a website where PHP does not save session variables for specific users with Internet Explorer. But for some other users with Internet Explorer there is no problem at all, and users with other browsers also do not have any problems.
I created the following three small scripts to make sure no other code in the website was involved:
test.php:
<?php
session_start();
function logMsg($text) {
    $filename = dirname(__FILE__) . "/test.log";
    $fh = fopen($filename, "a") or die("Could not open log file.");
    fwrite($fh, date("d-m-Y, H:i")." - $text\n") or die("Could not write file!");
    fclose($fh);
}
ob_start();
var_dump(session_id(), $_SESSION, $_SERVER, $_REQUEST);
$content = ob_get_clean();
logMsg("test.php");
logMsg($content);
$_SESSION['test'] = array('test' => 'lalala');
$_SESSION['count'] = 1;
?>
<a href="test2.php">Next</a>
test2.php:
<?php
session_start();
function logMsg($text) {
    $filename = dirname(__FILE__) . "/test.log";
    $fh = fopen($filename, "a") or die("Could not open log file.");
    fwrite($fh, date("d-m-Y, H:i")." - $text\n") or die("Could not write file!");
    fclose($fh);
}
ob_start();
var_dump(session_id(), $_SESSION, $_SERVER, $_REQUEST);
$content = ob_get_clean();
logMsg("test2.php");
logMsg($content);
$_SESSION['count']++;
?>
<a href="test3.php">Next</a>
test3.php:
<?php
session_start();
function logMsg($text) {
    $filename = dirname(__FILE__) . "/test.log";
    $fh = fopen($filename, "a") or die("Could not open log file.");
    fwrite($fh, date("d-m-Y, H:i")." - $text\n") or die("Could not write file!");
    fclose($fh);
}
ob_start();
var_dump(session_id(), $_SESSION, $_SERVER, $_REQUEST);
$content = ob_get_clean();
logMsg("test3.php");
logMsg($content);
The expected output for the var_dump($_SESSION) would be something like:
array(0) {
}
array(2) {
["test"] => array(1) {
["test"] => string(6) "lalala"
},
["count"] => int(1)
}
array(2) {
["test"] => array(1) {
["test"] => string(6) "lalala"
},
["count"] => int(2)
}
However, the output for the users with the problem is the following:
array(0) {
}
array(0) {
}
array(1) {
["count"] => int(1)
}
This means that the session variables are not stored for these users. However, the session ID for the users with problems is the same for all 3 test pages.
Does somebody have any idea what this could be? As far as I know the problematic code has worked for several years and the problems started showing in the last month or so.
Edit
Answers to questions in the comments:
Edit 2
As stated by @nl-x in a comment, the data gets stored in the second request. So I adapted the test scenario and added another step to see if the session works in subsequent requests. And this is the case. Session data set in step2.php and step3.php is saved between requests.
So now the question is why does session data for the first request get lost and not for subsequent requests?
I figured out that the users that were having the problems all had Chrome Frame installed. I verified this by installing Chrome Frame on a local machine, and in this case I was able to replicate the problems.
The problems were caused by the fact that our server has Suhosin installed. The following Suhosin settings were enabled:
suhosin.session.cryptua
suhosin.cookie.cryptua
This means that the User Agent string is also a part of the identification of a user's session. Normally this is not a problem, but for users with Chrome Frame installed the User Agent string differs between the first request and the subsequent requests. After disabling these Suhosin settings there were no more problems.
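The failure mode described in the answer, as an added example that is not part of the original post and is not Suhosin's implementation: a simplified session store whose key is derived from a hypothetical server secret plus the User-Agent, replayed over the three test pages. The User-Agent strings are constructed so that only the first request differs, and the code assumes PHP 7.1+ with the openssl extension.

```php
<?php
// Simplified model of a User-Agent-bound session store; not Suhosin's own code.
// Assumption: the session encryption key is derived from a server secret plus
// the request's User-Agent, so data written under one UA is unreadable under another.
const SERVER_SECRET = 'constructed-demo-secret'; // hypothetical value

function deriveKey(string $userAgent): string {
    return hash_hmac('sha256', $userAgent, SERVER_SECRET, true); // 32 raw bytes
}

function saveSession(array $data, string $userAgent): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt(json_encode($data), 'aes-256-gcm', deriveKey($userAgent),
                          OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function loadSession(?string $blob, string $userAgent): array {
    if ($blob === null) {
        return []; // no session stored yet
    }
    $raw = base64_decode($blob);
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', deriveKey($userAgent),
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    // A key derived from a different UA fails authentication: empty session.
    return $pt === false ? [] : json_decode($pt, true);
}

// Constructed User-Agent strings: only the first request differs.
$uaFirst = 'ExampleBrowser/1.0';
$uaLater = 'ExampleBrowser/1.0 framed-renderer';
$steps = [['test.php', $uaFirst], ['test2.php', $uaLater], ['test3.php', $uaLater]];

$blob = null;
foreach ($steps as [$page, $ua]) {
    $session = loadSession($blob, $ua);
    echo $page, ' sees ', json_encode($session), "\n";
    if ($page === 'test.php') {
        $session['test'] = ['test' => 'lalala'];
        $session['count'] = 1;
    } elseif ($page === 'test2.php') {
        $session['count'] = ($session['count'] ?? 0) + 1;
    }
    $blob = saveSession($session, $ua);
}
```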