I keep having some of my website users contact me saying they can’t login. When I login with their username and password I get in just fine. I can understand if it was just one or two people, but I’m starting to see a trend with the number who have reported this issue.
Is it possible they have something turned off in their web browser settings that would render a PHP session useless? I didn’t include any cookie code on my website, so I don’t think that is the culprit.
There are two ways for sessions to work - one involves storing the session id in a session cookie - the other involves passing the session id from page to page in the querystring on the end of the address.
Either one can be turned off on the server end to restrict the session to use the other.
If your users completely disable cookies then using the querystring is the only way they can get the session to work and if you turned off that option so as to stop the session id appearing in the address bar then they have no way for the session to work.
Ok, please be patient with me as sessions are not my strong point. So if the session is maintained by a cookie on the server, it doesn’t matter if the client has cookies turned off or not, right? So please help me understand why most of my users can login just fine, while others continue to complain that they can’t get in? If I set ‘SESSION: use_only_cookies’ = on, will this somehow fix this situation?
No, cookies are placed on the clients machine, not the server, if the client has turned cookies off then your server is not permitted to put those cookies on the clients machine.
If your not passing very sensitive information over the sessions you can get by with the Use_Only_Cookies turned OFF. Then in the event that the client doesnt allow cookies the session data will be passed via the URL.
You could also put a check in the landing page of your site to check see if the client is accepting cookies, if not tell them that they must accept cookies to use your site to its full extent.
Ok, I’m still confused. I have Use_Only_Cookies turned off right now which, according to what you’re saying, the session data will be passed via the URL if the client has cookies turned off. So it sounds like a fail proof way of maintaining a session, yet, still a few of my users can not login. What else could be causing this? When I login with their account info, I get right in.
Go back to what was mentioned in LSC-Robs post, have you asked the ones that cant log in what browser and issue they are using, may be youve a problem with your code for certain browsers. For example IE6 suffered a bug that wouldnt allow certain users to type into forms.
Do you know why these people couldnt log in, was the form accepting them and just not accepting the fields, what errors were they getting and do those errors give you any clues about whether it was the username or /and password that caused the rejection.
Do you have a URL we can look at ? is it the one in your sig ?
You could always set up a function that grabs the browser info for each of your users when they try to login page, and adds the details to a log file on your server. That way your gonna get some usable data as to who is finding problems and any common ground between them.