1

Having an issue with Sessions not being set in Kohana.

Situation overview:

  • Kohana 3.3
  • PHP 5.3.x
  • Using database sessions
  • Chrome, Firefox, Safari(OSX) are all working correctly.
  • Internet explorer- sessions are not being set- on versions 8-10 (testing with dev tools emulation)
  • Session is not even created in the database, which also happens when no encryption key is set (coincidence?)
  • Possible curveball- Server is behind a load balancer. Persistence is on and working, and this is actually the only server behind that load balancer so persistence is an unlikely culprit.

I've dug through the code a little, but cant find anything that would cause this to be an issue just for IE.

There are no dreaded underscores anywhere in the URL or hostname, and regardless of what I set the Cookie::$domain to, the result is the same.

session.php settings file:

return array(
    'native' => array(
        'name' => 'session_native',
        'lifetime' => 43200,
        'encrypted' => TRUE,
    ),
    'cookie' => array(
        'name' => 'session_cookie',
        'encrypted' => TRUE,
        'lifetime' => 43200,
    ),
    'database' => array(
        'name' => 'session_database',
        'encrypted' => TRUE,
        'lifetime' => 43200,
        'group' => 'default',
        'table' => 'sessions',
        'columns' => array(
            'session_id'  => 'session_id',
            'last_active' => 'last_active',
            'contents'    => 'contents'
        ),
        'gc' => 500,
    ),
);

Have set Session::$default = 'database';, though doesn't seem to be related to the IE-only issue. Have also tested with native sessions, same result.

Any thoughts or insights? Feel like I'm missing something completely obvious

Community
  • 1
  • 1
chrisboustead
  • 1,573
  • 12
  • 17
  • Does it work if you set `Session::$default = 'native';`? Knowing that will help narrow down where to look. – Moshe Katz Jan 24 '14 at 02:43
  • It does not. I should have included that- I will edit original post. – chrisboustead Jan 24 '14 at 02:50
  • Use a tool like [WireShark](http://www.wireshark.org/) or [Fiddler](http://fiddler2.com/) to capture the HTTP headers for the request - for both IE and any working browser, and look for the `Cookie` and `Set-Cookie` headers. Let us know what you find. (You can post complete headers in [Gist](https://gist.github.com/) or [Pastebin](http://pastebin.com/) - anonymize them first if you think it's necessary.) – Moshe Katz Jan 24 '14 at 03:04
  • Thanks for the input, was finally able to solve playing with IE's security settings. – chrisboustead Jan 30 '14 at 19:40
  • 1
    We don't do `[SOLVED]` in the title here. If you've answered your own questions, either post the answer and accept it, or delete the question. Thanks. – j08691 Jan 30 '14 at 19:42

1 Answers1

0

SOLVED:

Turned out to be a missing Compact privacy policy. IE had stricter privacy settings by default, adding the below header fixed the issue (not ideal but doesn't require making an entire P3P file). 

/**
 * Added for P3P cookie support
 */
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
chrisboustead
  • 1,573
  • 12
  • 17