FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


IE7 users can't log into a site I help manage





jmraker
I've been told that lately several users cannot log into a website using IE7, I think it's a SESSION cookie problem and I made a page for them to fix it, but the page isn't helping them.

Do you see any errors in the help?
http://dirtondirt.com/cookies-ie7.php

The site is over a year old and they say more and more users are having problems
The problem is that they can login but it immediately forgets them

The cookie part of the code is

Code:
   ini_set("session.gc_maxlifetime","3600");
   ini_set('session.gc_probability', 5);
   //get the right domain name cause if not ie(s) will drop the dam cookies
   $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
   ini_set('session.cookie_domain',$domain);
   session_start();
   set_cookie_fix_domain('PHPSESSID',session_id(),time() + 3600,'/',$domain);
umeshtangnu
---------------------------
Error
---------------------------
A Runtime Error has occurred.
Do you wish to Debug?

Line: 339
Error: Object expected
---------------------------
Yes No
---------------------------

this is the error i get in ie
jmraker
The only HTML or javascript file that has a line 339 is the google analytics urchin.js
Stubru Freak
What does set_cookie_fix_domain do?
jmraker
Code:
set_cookie_fix_domain('PHPSESSID',session_id(),time() + 3600,'/',$domain);

Code:
function set_cookie_fix_domain($Name, $Value = '', $Expires = 0, $Path = '', $Domain = '', $Secure = false, $HTTPOnly = false){
  if (!empty($Domain)){
    // Fix the domain to accept domains with and without 'www.'.
    if (strtolower(substr($Domain, 0, 4)) == 'www.')  $Domain = substr($Domain, 4);
    $Domain = '.' . $Domain;

    // Remove port information.
    $Port = strpos($Domain, ':');
    if ($Port !== false)  $Domain = substr($Domain, 0, $Port);
  }

  header('Set-Cookie: ' . rawurlencode($Name) . '=' . rawurlencode($Value)
           . (empty($Expires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $Expires) . ' GMT')
           . (empty($Path) ? '' : '; path=' . $Path)
           . (empty($Domain) ? '' : '; domain=' . $Domain)
           . (!$Secure ? '' : '; secure')
           . (!$HTTPOnly ? '' : '; HttpOnly'), false);
}
Stubru Freak
I'm not sure, maybe try just using set_cookie, see if that helps. Have you been able to reproduce it?
jmraker
It works for me in IE7 (I now have IE8 because they could have gotten IE8 without knowing it, but it works in IE8 too). The site owners have gotten a few complaints of (about 8 users of hundreds) whose login is forgotten, it logs them in but when they view the next page, they're not logged in anymore. Their solution is to use firefox. I'm not a tech support expert so maybe there's something wrong in the instructions to fix IE7's cookie settings at
http://dirtondirt.com/cookies-ie7.php
jmraker
I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html

The user with the problem switched to firefox. I have no idea if their IE is one of them.

I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.

Is this a dumb theory?
Stubru Freak
jmraker wrote:
I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html

The user with the problem switched to firefox. I have no idea if their IE is one of them.

I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.

Is this a dumb theory?


Is the logoff a link or a button? There's software around that prefetches linked pages. So you should always use a button for an action, not a link.
jmraker
It's a link, if I can confirm that they're logging off soon after they're logging on, I'll change the link to a javascript call or a button.
Fire Boar
Stubru Freak wrote:
jmraker wrote:
I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html

The user with the problem switched to firefox. I have no idea if their IE is one of them.

I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.

Is this a dumb theory?


Is the logoff a link or a button? There's software around that prefetches linked pages. So you should always use a button for an action, not a link.


No, you should point out to your users that using such software will prevent them from logging on. Plugins like SwiftFox are horrible for the site owners, because they download far more than the user would normally look at. One to avoid.
Stubru Freak
Fire Boar wrote:
Stubru Freak wrote:
jmraker wrote:
I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html

The user with the problem switched to firefox. I have no idea if their IE is one of them.

I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.

Is this a dumb theory?


Is the logoff a link or a button? There's software around that prefetches linked pages. So you should always use a button for an action, not a link.


No, you should point out to your users that using such software will prevent them from logging on. Plugins like SwiftFox are horrible for the site owners, because they download far more than the user would normally look at. One to avoid.


One thing you could do is make a hidden link (an a tag without content) that points to a page that adds a session variable. The next page the user loads will read that session variable, and tell the user to stop using the prefetching software. If you just block them from logging in, the user thinks your site is broken. He probably doesn't know why prefetching is bad.

Still, actions should always be POST buttons. That means that, for example, users will be warned when they try to go back to the log out page, instead of logging out again by accident.
Fire Boar
Stubru Freak wrote:
Fire Boar wrote:
No, you should point out to your users that using such software will prevent them from logging on. Plugins like SwiftFox are horrible for the site owners, because they download far more than the user would normally look at. One to avoid.


One thing you could do is make a hidden link (an a tag without content) that points to a page that adds a session variable. The next page the user loads will read that session variable, and tell the user to stop using the prefetching software. If you just block them from logging in, the user thinks your site is broken. He probably doesn't know why prefetching is bad.

Still, actions should always be POST buttons. That means that, for example, users will be warned when they try to go back to the log out page, instead of logging out again by accident.


Good point there.
Related topics
How To : Secure Your PHP Website
FTP Codes
Cannot log into my cPanel: It says "Unactivated License
Protect Your Site, Or suffer the consiquences
CMS and forum integration using DirectAdmin
special shout box required - large amount of fri$$ offered
Master Tutorial on SEO
Fatal error in chat
WoW-How To Install AddOns And Best AddOns
Problems with adding Mod Users. (Need Help)
Cant log into cpanel
Cannot log into cPanel
I'm still a noobie at home networks, please help...
Site not displying aftr installing WP Help reqd urgently :(
Reply to topic    Frihost Forum Index -> Scripting -> Others

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.