php session id and ajax, javascript_问答_开发者

开发者 https://www.devze.com 2022-12-12 04:19 出处：网络

It has come to my attention that my website is not working correctly under many versions of Internet Explorer. After looking around everywhere, I did a \"cookie\" test (http://www.rgagnon.com/jsdetail

It has come to my attention that my website is not working correctly under many versions of Internet Explorer. After looking around everywhere, I did a "cookie" test (http://www.rgagnon.com/jsdetails/js-0092.html), and realized that cookies are not working when I use any version of IE, but开发者_如何学C works fine with Chrome, Firefox, Safari ...

It seems that when cookies are not working, then my session variables keep disappearing. I use php session. Isn't PHP supposed to deal with that problem automatically?

I do use some javascript window.location, and some ajax calls (phplivex). Could it be because of that? Does it not append the phpsessionid at the end of all urls no matter what?

Could it be the timezone issue? See Session cookies rejected by Internet Explorer.

Final Solution

The timezone issue did give me a hint to check the time on my client and server. My client is a Windows laptop which had the correct time and timezone thanks to being synchronized with the NTP protocol. My server on the other hand was out of sync.

The timezone was correct, but the UTC time was set to my local time instead. As a result, the server was actually six hours in the past as far as the client was concerned. A timeout of one hour would have expired in the past for an IE instance running on my client. No wonder IE was rejecting my sessions.

I ran ntpdate to fix my time and then reset my timezone using tzselect.
# ntpdate pool.ntp.org
# tzselect
I then refreshed IE which immediately started accepting the sessions. All aspects of my application started working correctly. So much for so little.

Moral of the story, use NTP to ensure that your machines have their time set correctly.

So basically make sure the UTC time is correct on your server and for good measure explicitly set the PHP timezone (you'll get a warning under E_STRICT if you don't anyway).

nute are you sure this not have to do with your particular IE install. have you tried on different machine ?

As a whole workaround you can to use use_trans_sid, it would make the session id passed by URL instead of cookie. WARNING use_trans_sid can create big security problems so I think you have better to investigate where the problem come from and if you really don't find any solution use this.