My $_SESSION cookies are working fine in Firefox, Chrome, Safari and Opera but not in IE, which only sets the TLD and a forward slash for path. For instance, having specified my domain as ‘example.net’ with session.cookie_domain and the path as /whatever/ with session.cookie_path in the php.ini file, the cookie looks like this in IE:
[TABLE=“width: 400”]
[TR]
[TD=“class: title”]NAME [/TD]
[TD]display[/TD]
[/TR]
[TR]
[TD=“class: title”]VALUE[/TD]
[TD]205fce58a70be18da6cf33a96ebb9877[/TD]
[/TR]
[TR]
[TD=“class: title”]DOMAIN[/TD]
[TD].net[/TD]
[/TR]
[TR]
[TD=“class: title”]PATH[/TD]
[TD]/[/TD]
[/TR]
[TR]
[TD=“class: title”]EXPIRES[/TD]
[TD]At the end of the Session[/TD]
[/TR]
[/TABLE]
Various $_SESSION cookies I checked out from other sites also look like this in IE. Are we overlooking something essential about declaring a session or is this another IE issue?
Yep. I’ve tried just about every permutation I can think of including ‘www.example.net’ as well as ‘.example.net’ but IE just will not play ball with my sessions. Also ‘/whatever/’ gets truncated to ‘/’ which isn’t very useful.
It’s very frustrating because of course the sessions will not work despite the cookies being set.
Thanks for that advice and my apologies for not responding earlier: I haven’t been at my desk since my last post to this thread.
I tried setting the header as your example above at the top of the PHP file I run when the page loads and I also tried it with a few other preference settings in case your example was disagreeable to Medium High privacy on IE8. I also tried setting it via .htaccess like so:
Since I’m unfamiliar with P3P, I read up on the spec and I’m now wondering if this is enough or do I need to supply a privacy policy, which would be a bit much, frankly, since the cookie is only required for temporary data collection during form validation.
Also I’m not clear why IE does this to session cookies when it doesn’t mess up the parameters of a standard cookie that I also set on this site.