0

I think I have set data to Session properly, and Firefox can get the session data correctly, but IE can not get the session data and it returns bool(false). What's problem of this bug could be?

I'm new PHP guy, I'm wondering why does PHP set session at client rather than at server(Just like Java did).

Setting session data:

 $queryuser = $this->user_model->getUser($username, sha1($password));
        if(!empty($queryuser) && count($queryuser) > 0) {
            $user = array('islogin'=>true, 'userid'=>$username, 'nickname'=>$queryuser['nickname'], 'status'=>$queryuser['status']);
            $this->session->set_userdata('user', $user);

Getting Session Data:

 $user = $this->session->userdata('user');

I know the concept of session, I tested it on two browsers independently.

Winfield Trail
  • 5,535
  • 2
  • 27
  • 43
Mike
  • 37
  • 1
  • 4
  • Maybe you should show us some code? – Melvin Aug 21 '12 at 18:04
  • 9
    What exactly are you doing? Some code? Did you keep in mind that each browser, Firefox and IE, have their own sessions? – Daniel M Aug 21 '12 at 18:04
  • 2
    maybe you have cookies turned off in IE and you configured sessions to use cookies @ see http://stackoverflow.com/questions/1376731/do-php-sessions-set-any-cookies – vertazzar Aug 21 '12 at 18:07
  • I believe IE is not sending the session cookie. is your server clock proper? – Shiplu Mokaddim Aug 21 '12 at 18:07
  • Please answer the questions in the most up-voted comment. :D – Shiplu Mokaddim Aug 21 '12 at 18:08
  • Yes, I tested it on two browsers independently. – Mike Aug 21 '12 at 18:12
  • It's kind of offtopic but an important topic: Please dont just hash passwords using sha1. Use bcrypt or an algo with a similar strength. http://www.google.com/#hl=de&sclient=psy-ab&q=why+to+hash+passwords+using+bcrypt+in+php&oq=why+to+hash+passwords+using+bcrypt+in+php&gs_l=hp.3..33i21.462.7203.0.7342.48.43.3.0.0.0.288.6114.4j33j4.41.0.crnk_fspiked_nsqb..0.0...1c.IH6E0A_NE5g&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&fp=7964df66ca62f4a9&biw=1920&bih=879 – Daniel M Aug 21 '12 at 18:17

1 Answers1

0

re: "I'm new PHP guy, I'm wondering why does PHP set session at client rather than at server(Just like Java did)."

A session in an HTTP context consists of 2 parts:

  1. The data, stored on the server, which cannot be accessed by the browser.
  2. A token or identifier of some sort, by which a particular user (that is, a particular browser session) can be uniquely identified. Since HTTP is a fundamentally "stateless" protocol, this token must be given to the client, and sent back by the client on every request. This usually takes the form of an HTTP "cookie", which is probably what you are having problems with here, although it can also be passed by other (browser-visible) means such as adding it to the end of all URLs.

The above is true whatever language you are writing your web application in. All they can do is hide it for your convenience.

IMSoP
  • 89,526
  • 13
  • 117
  • 169