I have been racking my brains trying to figure out why my login code (PHP) works fine in Chrome & Firefox, but not in Internet Explorer (since it’s server-side code!). I believe IE8 may be caching my page, although I am not sure. Basically, I have a small CMS for handling the content that appears in a Flash panel. The first page the user sees is a login page. However, in IE, hitting the submit button merely results in the login page being reloaded (and I am positive that I am entering the correct username/password combination).
In the name of simplicity, I have included all of my code in one file. The relevant code is:
<?php
if (!userIsLoggedIn())
{
    include 'login.html.php';
    exit();
}
...
?>
It is this include file that keeps getting reloaded. I have tried adding an Expiry header and a Pragma: no-cache header, but I still run into the same problem.
I have searched through this forum with the hope that someone will have already solved a similar problem, but did not see anything. If I somehow missed a similar post, I sincerely apologize.
I basically learned PHP for this project I have been working on, so needless to say, I am pretty new to it. So if you need more information before you can help me, please let me know.
Never store the password in the session. It’s unnecessary and it’s a security leak!
That being said, I don’t see anything in the code that wouldn’t work in IE. The only thing I can think of, like hash said, is that cookies are disabled.
Thanks for the replies. First of all, I use the extension .html.php for HTML files that will be included by my main PHP files. I want to keep my PHP as separate from my HTML as possible. So, for example, if I have the page index.php, the corresponding include would be index.html.php.
In response to your request to post more code, the userIsLoggedIn function is:
function userIsLoggedIn()
{
    // Login form submitted
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please enter a valid email address and password.';
            return FALSE;
        }
        // Hash the submitted password before checking it against the database
        $password = md5($_POST['password'] . 'additionalPhrase');
        if (databaseContainsUser($_POST['email'], $password))
        {
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];
            $_SESSION['password'] = $password;
            return TRUE;
        }
        else
        {
            // Failed login: clear any existing login state
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            $GLOBALS['loginError'] = 'Your email and password did not match.';
            return FALSE;
        }
    }
    // Logout requested: clear the login state and redirect
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        header('Location: ' . $_POST['goto']);
        exit();
    }
    // No form action: re-check the credentials held in the session
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsUser($_SESSION['email'], $_SESSION['password']);
    }
}
The relevant portion of the login.html.php page is (the HTML immediately follows the PHP):
Basically, a browser won’t cache a page if you use a POST request. Its very nature means things can change, so caching is not an option browser side. If you’re not doing any caching server side, then I am somewhat stumped. You can try some basic debugging: redirect to a new page on success/fail, echo messages (e.g., what’s in the session), exit at various points, etc.
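The advice earlier in the thread not to keep the password in the session, applied to a login check like the posted userIsLoggedIn(): only a user id goes into the session, since session data is held server-side and does not need the credentials to be re-checked on every request. This is an added example, not code from any poster in the thread; findUserId(), the userId session key and the sample account are assumptions, and it uses PHP's password_hash()/password_verify() in place of the posted md5() call.

```php
<?php
// Added example, not the poster's code. findUserId() is a hypothetical
// replacement for the thread's databaseContainsUser().
function findUserId(string $email, string $password): ?int
{
    // Constructed sample row; a real version would select the id and
    // stored hash from the users table by email.
    static $row = null;
    if ($row === null) {
        $row = ['id' => 7, 'email' => 'editor@example.com',
                'hash' => password_hash('constructed-password', PASSWORD_DEFAULT)];
    }
    if ($email === $row['email'] && password_verify($password, $row['hash'])) {
        return $row['id'];
    }
    return null;
}

function ensureSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

function logIn(string $email, string $password): bool
{
    ensureSession();
    $userId = findUserId($email, $password);
    if ($userId === null) {
        unset($_SESSION['userId']);   // failed attempt clears any old login
        return false;
    }
    session_regenerate_id(true);      // fresh session id once authenticated
    $_SESSION['userId'] = $userId;    // identifier only: no password, no hash
    return true;
}

function userIsLoggedIn(): bool
{
    ensureSession();
    return isset($_SESSION['userId']);
}

function logOut(): void
{
    ensureSession();
    $_SESSION = [];                   // drop all session data
    session_destroy();
}
```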