|
|
I've been told that lately several users cannot log into a website using IE7, I think it's a SESSION cookie problem and I made a page for them to fix it, but the page isn't helping them.
Do you see any errors in the help?
http://dirtondirt.com/cookies-ie7.php
The site is over a year old and they say more and more users are having problems
The problem is that they can login but it immediately forgets them
The cookie part of the code is
| Code: | ini_set("session.gc_maxlifetime","3600");
ini_set('session.gc_probability', 5);
//get the right domain name cause if not ie(s) will drop the dam cookies
$domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
ini_set('session.cookie_domain',$domain);
session_start();
set_cookie_fix_domain('PHPSESSID',session_id(),time() + 3600,'/',$domain); |
---------------------------
Error
---------------------------
A Runtime Error has occurred.
Do you wish to Debug?
Line: 339
Error: Object expected
---------------------------
Yes No
---------------------------
this is the error i get in ie
The only HTML or javascript file that has a line 339 is the google analytics urchin.js
What does set_cookie_fix_domain do?
| Code: | | set_cookie_fix_domain('PHPSESSID',session_id(),time() + 3600,'/',$domain); |
| Code: | function set_cookie_fix_domain($Name, $Value = '', $Expires = 0, $Path = '', $Domain = '', $Secure = false, $HTTPOnly = false){
if (!empty($Domain)){
// Fix the domain to accept domains with and without 'www.'.
if (strtolower(substr($Domain, 0, 4)) == 'www.') $Domain = substr($Domain, 4);
$Domain = '.' . $Domain;
// Remove port information.
$Port = strpos($Domain, ':');
if ($Port !== false) $Domain = substr($Domain, 0, $Port);
}
header('Set-Cookie: ' . rawurlencode($Name) . '=' . rawurlencode($Value)
. (empty($Expires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $Expires) . ' GMT')
. (empty($Path) ? '' : '; path=' . $Path)
. (empty($Domain) ? '' : '; domain=' . $Domain)
. (!$Secure ? '' : '; secure')
. (!$HTTPOnly ? '' : '; HttpOnly'), false);
} |
I'm not sure, maybe try just using set_cookie, see if that helps. Have you been able to reproduce it?
It works for me in IE7 (I now have IE8 because they could have gotten IE8 without knowing it, but it works in IE8 too). The site owners have gotten a few complaints of (about 8 users of hundreds) whose login is forgotten, it logs them in but when they view the next page, they're not logged in anymore. Their solution is to use firefox. I'm not a tech support expert so maybe there's something wrong in the instructions to fix IE7's cookie settings at
http://dirtondirt.com/cookies-ie7.php
I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html
The user with the problem switched to firefox. I have no idea if their IE is one of them.
I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.
Is this a dumb theory?
| jmraker wrote: | I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html
The user with the problem switched to firefox. I have no idea if their IE is one of them.
I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.
Is this a dumb theory? |
Is the logoff a link or a button? There's software around that prefetches linked pages. So you should always use a button for an action, not a link.
It's a link, if I can confirm that they're logging off soon after they're logging on, I'll change the link to a javascript call or a button.
| Stubru Freak wrote: | | jmraker wrote: | I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html
The user with the problem switched to firefox. I have no idea if their IE is one of them.
I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.
Is this a dumb theory? |
Is the logoff a link or a button? There's software around that prefetches linked pages. So you should always use a button for an action, not a link. |
No, you should point out to your users that using such software will prevent them from logging on. Plugins like SwiftFox are horrible for the site owners, because they download far more than the user would normally look at. One to avoid.
| Fire Boar wrote: | | Stubru Freak wrote: | | jmraker wrote: | I got an email this morning that the problem is back. So I added some verbose logging to a text file so every login attempt is recorded (as well as logoffs). One thing I noticed immediately was a "FunWebProducts" in some IE user agents. Which is some spyware that some say is a bot http://www.botsvsbrowsers.com/details/46472/index.html
The user with the problem switched to firefox. I have no idea if their IE is one of them.
I'm now thinking that a bot could be automatically clicking on the logoff link (in the browser's background) that's only there when logged in.
Is this a dumb theory? |
Is the logoff a link or a button? There's software around that prefetches linked pages. So you should always use a button for an action, not a link. |
No, you should point out to your users that using such software will prevent them from logging on. Plugins like SwiftFox are horrible for the site owners, because they download far more than the user would normally look at. One to avoid. |
One thing you could do is make a hidden link (an a tag without content) that points to a page that adds a session variable. The next page the user loads will read that session variable, and tell the user to stop using the prefetching software. If you just block them from logging in, the user thinks your site is broken. He probably doesn't know why prefetching is bad.
Still, actions should always be POST buttons. That means that, for example, users will be warned when they try to go back to the log out page, instead of logging out again by accident.
| Stubru Freak wrote: | | Fire Boar wrote: | | No, you should point out to your users that using such software will prevent them from logging on. Plugins like SwiftFox are horrible for the site owners, because they download far more than the user would normally look at. One to avoid. |
One thing you could do is make a hidden link (an a tag without content) that points to a page that adds a session variable. The next page the user loads will read that session variable, and tell the user to stop using the prefetching software. If you just block them from logging in, the user thinks your site is broken. He probably doesn't know why prefetching is bad.
Still, actions should always be POST buttons. That means that, for example, users will be warned when they try to go back to the log out page, instead of logging out again by accident. |
Good point there.
|
