Fixing IE7 dropping PHP Sessions

After banging my head against the wall, and spending the better part of today trying to find out why my session variables were not being transferred from page to page in IE7, it worked fine in Firefox and Safari. The sessions not working were rendering MySpace OpenSocial App in Iframe and was dead to anyone using IE7. But the good news is i got it fixed (thanks to google), and the fix is so simple it’s ridiculous. Before you start your session, you need to declare a privacy policy in your header.

header('P3P: CP="CAO PSA OUR"');
ob_start();
session_start();

Other things learned during MySpace development.

Everything works just fine in FireFox, IE7 is the only culprit :p
If you try to send any OpenSocial request through MySpace IFPC library in IE7 before the page is fully loaded, IE7 will give alert error saying Object Not Found. To fix this wait for page load and then make request.
request.AdjustHeight() will not work in IE7 if Symfony’s development (frontend controller) environment is enabled.
I’ve already forgot a lot of things that I learned, will try to remember them again and bookmark them.

You should read

Posted by Faizan on: February 10th, 2009 | Posted in: Programming, Technology

25 Responses to “Fixing IE7 dropping PHP Sessions”

B@D on February 11th, 2009 at 5:02 PM

IE7 is still way better ( as microsoft proclaims & somehow it is ) than its old and stinky as shit previous version IE6.
The new IE8 is even worse. I installed a beta few weeks ago and it changed my OS Language to some Alien code shit.

B@D on February 11th, 2009 at 5:03 PM

One More thing.

Any IE version is a total crap. IE should be forbidden. I hope it will just disappear some day. It just give headaches to any web developer.

B@D on February 11th, 2009 at 5:07 PM

http://davidwalsh.name/

A very good Blog for PHP/MySQL and All.

prøXima on February 12th, 2009 at 12:56 AM

There is also problem with safari and iframe, if Iframe src is on other domain than parent, it will not save session cookie by default.
the only way to fix this is to set Accept Cookie as Always in preferences >> security.

hisie on March 22nd, 2010 at 7:31 PM

Hello Kryptic.
I have seen your solution, but i don’t know where to put this code. At the begining of the layout it gives me a notice because the session have been started yet. I would like to put it out of the symfony core files (not in lib/vendor/symfony/storage, neither other place inside vendor) to made it symfony version independant. Can you help me with this issue?

Kryptic on March 23rd, 2010 at 2:24 PM

@hisie
Well in symfony, one solution is to disable Automatic Session start in app’s factories.yml file and then start it manually in preExecute function of your module’s actions.class.php after setting header code.

hisie on April 6th, 2010 at 7:04 PM

@Kryptic
Thank you very much. It still does not work, but i have reported the issue to symfony trac (#8422). I have changed what you said leaving factories.yml:
**
storage:
class: sfSessionStorage

param:
session_name: casaruraltenerife
auto_start: false
**
and in the actions of the modules (them all):
**
public function preExecute(){
header(‘P3P: CP=”CAO PSA OUR”‘);
ob_start();
session_start();
}
**

Kryptic on April 8th, 2010 at 1:05 AM

@hisie
I don’t think this is problem with Symfony. The problem is with IE.
Can you tell me your scenario, what you’re trying to do?

Steph on December 15th, 2010 at 7:39 PM

Hi everybody!

Kryptic, I tried your method but it doesn’t work. Do you have some news from the issue you reported?

Thanks!

Kryptic on December 15th, 2010 at 10:30 PM

@STEPH, what issue exactly you’re getting?

Steph on December 16th, 2010 at 1:51 PM

Well, I lost the sessions with IE and Safari when cookies are not accepted by the user.
I am developping a Symfony application and I use sessions to pass data between the actions…
In local it seems to work normally but not in the production environment (I am hosted in OVH…)
Do you have some ideas to help me?

Thank you!

Kryptic on December 16th, 2010 at 2:30 PM

On local if user cookies are not accepted by IE or Safari and it still works then maybe there is something wrong with your OVH hosting?

Steph on December 16th, 2010 at 3:11 PM

Maybe but what?

Kryptic on December 16th, 2010 at 3:21 PM

But why you need to turn off cookies? have you debugged by echoing session_id on every page? does it get changed everytime?
Is your application in iframe?

Steph on December 16th, 2010 at 3:29 PM

Yes, it is a Facebook application so in an iframe and the session is lost when another iframe is opened so we have an iframe in another iframe… It is a problem?

Kryptic on December 16th, 2010 at 3:57 PM

Yes, iframe is problem but you can fix the problem like this.
disable symfony’s Automatic Session start in app’s factories.yml file
and then in symfony’s action class preExecute function, manually start session like this, you’ve to first get facebook’s session_key and then set it as php session id.

session_id(md5($facebook->api_client->session_key));
session_start();

I hope this will work, let me know if it doesn’t

Steph on December 16th, 2010 at 4:11 PM

Thanks for your help!
But are you sure of this syntax? Because I have this error:

Notice: Undefined property: Facebook::$api_client

kryptic on December 16th, 2010 at 6:30 PM

No, that code was just for help. You have to get facebook session id from the facebook api object you are making.

Steph on December 16th, 2010 at 7:17 PM

$this->facebook->getSession() returns an array with “sig” attributes that I passed to the session_id in a preExecute in the actions of the 3 modules I use but it is a fail… Now sessions don’t work on IE nor on others browsers :/
In my factories.yml, I only need to put the following lines, right?

storage:
class: sfSessionStorage
param:
auto_start: false

I don’t know how I can fix this issue :/
Actually, I need to retrieve the user id in a few actions of different modules so maybe there is another solution instead of passing data by session… Do you have an idea?

Thank you so much for everything!

Steph on December 16th, 2010 at 8:40 PM

I think I forgot a main point:

In my main page, there are a map and the links to go to others pages are markers in the map so they are javascript links, not php! It is not a problem to maintain sessions?

Kryptic on December 16th, 2010 at 9:11 PM

I did some research on internet and found this
http://developers.facebook.com/docs/best-practices#miscellaneous-issues you can check the link mentioned under “Cross-domain cookies do not work in Safari” http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
You should try this method.

Steph on December 21st, 2010 at 7:01 PM

Thank you very much for your help. I didn’t try but I will do it and I will tell you if it works…

Thank you so much

bimbolera on April 27th, 2011 at 9:51 AM

hi, great post but will this affect the session in my app? or should i session destroy after i called and used the script you’ve shown above?

thanks.

Kryptic on April 27th, 2011 at 2:41 PM

@Bimbolera No, it will not affect the session in your app, you don’t need to destroy session after this script.

Vivien Malone on May 17th, 2011 at 5:08 PM

Do you people have a facebook fan page for Fixing IE7 dropping PHP Sessions? I looked for 1 on the internet but could not come across one, I would love to become a follower!

levelx.me