I'm working on a site that has a My Account section that the user has to login to. I'm storing the users basic information in the session after they have logged in.
I'm having no problem in Chrome or Firefox with this. However, in IE 8 I login, and it redirects to the main back office page. It loads, but right after the session is cleared. I tested this by printing the session after session_start()
then again at the end of the page. All the information is there when the page loads. If I open a separate page and print out the session right after, it's already cleared. Again, only in IE does this happen.
Is there something I'm missing here?
CODE
This is the code on all of the Account pages.
<?php
require_once('inc_session.php');
require_once('bo_session_check.php');
?>
On the page logged into (backoffice.php), the only other time the session is used, is when it is read to determine what kind of account the person has logged into, for example:
<?php if($_SESSION['user_type']=='member'){?>
Code for inc_session.php
<?php
if(!isset($_SESSION['is_mobile'])){
$mobile_browser = '0';
if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$mobile_browser++;
}
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) or ((isset($_SERVER['HTTP_X_WAP_PROFILE']) or isset($_SERVER['HTTP_PROFILE'])))) {
$mobile_browser++;
}
$mobile_ua = strtolower(substr($_SERVER['HTTP_USER_AGENT'], 0, 4));
//echo $_SERVER['HTTP_USER_AGENT'];
$mobile_agents = array(
'w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac',
'blaz','brew','cell','cldc','cmd-','dang','doco','eric','hipt','inno',
'ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-',
'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-',
'newt','noki','oper','palm','pana','pant','phil','play','port','prox',
'qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar',
'sie-','siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-',
'tosh','tsm-','upg1','upsi','vk-v','voda','wap-','wapa','wapi','wapp',
'wapr','webc','winw','winw','xda ','xda-');
if (in_array($mobile_ua,$mobile_agents)) {
$mobile_browser++;
}
if (strpos(strtolower($_SERVER['ALL_HTTP']),'OperaMini') > 0) {
$mobile_browser++;
}
if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),'ipad') > 0) {
$mobile_browser++;
}
if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),'windows') > 0) {
$mobile_browser = 0;
}
if ($mobile_browser > 0) {
$_SESSION['is_mobile']='yes';
}
else {
$_SESSION['is_mobile']='no';
}
}
/* TURN MOBILE SITE OFF */
//$_SESSION['is_mobile']='no';
$page=strtok($_SERVER["REQUEST_URI"],'?');
if(substr($page, 0, 3)!="/m/" && $_SESSION['is_mobile']=='yes' && substr($page,-3) =='php'){
if( isset($_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] != 'off' ){
$heading='https://';
}else{
$heading='http://';
}
header("Location: " . $heading . $_SERVER["SERVER_NAME"] . "/m" . $_SERVER["REQUEST_URI"]);
exit();
}
$page=substr($page, strrpos($page, '/', -1));
$ssl_pages=array('/backoffice.php', '/login.php', '/login-partner.php', '/checkout.php', '/checkout_member.php', '/membership.php', '/partner.php');
if(in_array($page, $ssl_pages) || substr($page, 0, 3)=='/bo'){
if($_SERVER[HTTP_HOST]!='domain.com'){
header("Location: https://domain.com" . $_SERVER["REQUEST_URI"]);
}elseif($_SERVER["HTTPS"] != "on") {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
}else{
if($_SERVER["HTTPS"] == "on"){
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
}
ini_set("session.cookie_domain", "domain.com");
session_start();
?>
This is bo_session_check.php
if(isset($_SESSION['agreed']) && $_SESSION['agreed']!="yes" && $_SESSION['admin']!="yes"){
/*
DEPRECIATED
header("location: bo_terms.php");
exit();
*/
$_SESSION['agreed']="yes";
}elseif(isset($_SESSION['user_id']) && $_SESSION['user_id']!=""){
/*ALL GOOD*/
}else{
/*YOU GOTTA GO*/
header("location: login.php");
exit();
}
?>
Here is the PHP Session Info