A curious problem.
The newly developed website uses a third-party login system that uses sessions (surprise!). The website works fine in all instances, in all browsers except Internet Explorer 11 (and, possibly, previous versions, not checked).
Qualifiers:
- I read various related topics on SO, nothing matches the bill.
- PHP
Header does not redirect to each affected page - no
_ in the domain name or URL. - No frames.
- Session and domain are protected.
Code Details:
a) Each page has a controller file with header information included in it:
header("Cache-Control: no-cache, must-revalidate"); //HTTP 1.1 header("Expires: Thu, 19 Nov 2011 08:52:00 GMT"); // Date in the past header('Content-Type: text/html; charset=utf-8'); header("X-Clacks-Overhead: GNU Terry Pratchett"); header_remove("X-Powered-By"); header("X-XSS-Protection: 1; mode=block"); header("X-Frame-Options: SAMEORIGIN"); header("X-Content-Type-Options: nosniff"); header("Content-Language: en"); header("Content-Security-Policy: upgrade-insecure-requests;"); header("Referrer-Policy: origin-when-cross-origin"); //referrer for Chrome header("Referrer-Policy: strict-origin-when-cross-origin"); if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)){ header('X-UA-Compatible: IE=edge,chrome=1'); }
b) as part of this process; A cookie check is performed to see if cookies are enabled in the client browser. This is done through both the login / access and sharing zones.
if($_COOKIE['cookieEnabled'] !== "yes") { \setcookie('cookieEnabled', "yes", time() + 42000, "/", $_SERVER['HTTP_HOST'], true, true); }
All that is is a cookie that says yes, cookies are included if the cookie is not already set. Just.
c) Below that; There is a controller code for loading session variables and performing other actions for a third-party administrator.
// Create / Include the Session Object - Session.php $session = new Session($db);
d) I set the test status in Session.php __construct to do this:
session_start(); if($_COOKIE['cookieEnabled'] !== "yes" && empty($_SESSION)) { error_log("INFO: An access attempt without a session or cookie was attempted..."); if($_COOKIE['cookieEnabled'] !== "yes"){ error_log("Cookie does not appear to be enabled"); } die("unimportant debug error"); }
Note that the session array will never be empty, as it has been previously added to previous pages;
e) [local] PHP.ini:
session.cookie_secure=1 default.charset=utf-8 error_log=/home/domainaccount/error/PHP_error.log session.save_path=/home/domainaccount/sessionz session.cookie_domain=domain.org.uk
NOTE. Web path: /home/domainaccount/public_html/
PHP.ini values ββwere checked with phpinfo() and set correctly.
Curious problem
I load the website into various browsers, and it registers in order, all work, session data is transferred.
However, this is not the case on IE11. It simply returns with a blank screen, without errors, without feedback (otherwise, session data is transferred to the login page) and there are no code error logs .
The error log shows:
INFO: an attempt was made to access without a session or cookie ...
A whole bunch of times, but no indication that the cookie was refused, just a session.
Unsurprisingly, the login page has a Header location redirect for success and failed login attempts.
About IE11
IE version number: 11.248.16299.0.
IE cookie settings: first cookies are accepted, third-party cookies are accepted, session cookies are always allowed.
Questions
1) Why is this happening ONLY for IE?
2) How can I solve this (change my headers, cookie settings, etc.?)