Thread: Re: [Phplib-users] phplib and IE 6 authentication not working
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-users
|
From: <pau...@mo...> - 2004-06-21 16:23:53
|
Marko Many thanks for the reply. I have done some more digging and found that IE6 implements the P3P privacy policy: http://www.oreillynet.com/pub/wlg/1539 "MSIE 6 has an inaccurate definition of third party cookies. If your domain is hosted on one server and your PHP stuff is on another, the IE6 P3P implementation considers any cookies sent from the second machine "third party". Third party cookies will be blocked automatically in most privacy settings if not accompanied by what MS considers "an appropriate Compact Policy". This appears to break the cookies and so breaks the sessions. The page suggests adding a header immediately before the cookie, ie: header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); Does any one have any thoughts on where best to put this? Presumably in session4.inc? Or would it be better in the page itself? Many thanks Paul *********************************************************************** This email and any attachments transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender and do not store, copy or disclose the content to any other person. It is the responsibility of the recipient to ensure that opening this message and/or any of its attachments will not adversely affect its systems. No responsibility is accepted by the Company. *********************************************************************** |
|
From: <pau...@mo...> - 2004-06-22 15:29:31
|
Nathan/Marko
Thanks for the replies.
Marko
The policy I included was copied from the article mentioned. AS such it may have just been an "example" the author had invented and not a real/valid policy. I have tried to create one at the site mentioned in the article but it refuses to e mail me the certificate it creates (probably because I don't have CPP :-))
Marko/Nathan
I have tried to insert the header in a number of different ways:
In prepend.php, in sessions4.inc, in the web page itself:
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"')
In the template:
<meta http-equiv="P3P" content='CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'>
None of these seem to work. I still can't access the site, but as I said this may be because this is not a valid policy.
Any thoughts/suggestions?
I'll keep searching.
Paul
***********************************************************************
This email and any attachments transmitted with it are confidential
and intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the sender and do not store, copy or disclose the content
to any other person.
It is the responsibility of the recipient to ensure that opening this
message and/or any of its attachments will not adversely affect
its systems. No responsibility is accepted by the Company.
***********************************************************************
|
|
From: marko <mk...@mc...> - 2004-06-22 15:56:23
|
Hi Paul, I'd advise you to do another test NOT using IE6! Could you install the latest Mozilla FireFox 0.9 and do the same test? I see there the same strange behaviour like in IE6. There needs to be an entry for the session id in the file "cookies.txt" in the user profile of FF, like: --- cookies.txt --- server.xyz FALSE / FALSE 2129183350 Exp_Session ac8b618aad4210aa2cd442d82c89b44b ------------------- If this entry doesn't exist the FireFox would show the strange behaviour also seen in IE6. The 5th entry means lifetime until year 2137 and the last needs to be a valid phplib session id. The strange thing is, that this lifetime never changes if you open and close the application. This is different for phpmyadmin! So, why is phplib unable to create such a cookie in case it still doesn't exist? Questions.... Marko |
|
From: marko <mk...@mc...> - 2004-06-30 09:19:36
|
Hi Paul, I installed the latest php 4.3.7. Although I had/have some difficulties getting Apache properly running with PHP and my SuSE 8.2 I made it work for my FireFox and IE6! Obviously there was a problem with PHP version 4.3.1 which I had installed before, which caused that for some reason cookies couldn't be created on clients side. I still have the problem with my apache that it sometimes offers php files for download instead of just executing them. Haven't understood yet why this happens. But except of this inconvenience phplib is working again on IE and new Mozilla based browsers!!! Greetings, Marko |
|
From: Layne W. <la...@dr...> - 2004-06-30 12:29:00
|
Quoth marko:
> I still have the problem with my apache that it sometimes offers php file=
s
> for download instead of just executing them. Haven't understood yet why
> this happens. But except of this inconvenience phplib is working again
> on IE and new Mozilla based browsers!!!
This is because the file extension you are using in these cases is not
mapped to a MIME type. Edit httpd.conf and look for a line like this:
AddHandler application/x-httpd-php .php
Add the extension(s) you are using like this:
AddHandler application/x-httpd-php .php .phtml
You can always put this in a .htaccess file to limit the setting to the
directory (and all sub-directories) in which you place it.
Layne Weathers
|
|
From: marko <mk...@mc...> - 2004-06-30 14:13:01
|
Hi Layne,
> AddHandler application/x-httpd-php .php
well, actually I have this setting in my httpd.ini in a slightly different
form:
<IfModule mod_php4.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php4
AddType application/x-httpd-php-source .phps
</IfModule>
I don't really know what happened, since for some reason my firefox works
fine again. Looks like that was some caching issue or something. Don't
know what happened. IE6 worked fine from the beginning.
Also I checked the changelog of the successor of my old PHP 4.3.1 and
there is a lot of stuff concerning cookies and sessions mentioned. Looks
like the 4.3.1 still contained quite a few quircks.
Marko
|
|
From: <pau...@mo...> - 2004-06-30 16:38:23
|
Dear All
I've finally managed to figure this out. Not sure if it'll help any body else but here goes:
The first suggestion that was made was to implement a compact privacy policy. This didn't work but may help in some cases, I guess.
The second suggestion I got was from some one who suggested that when he set the session_cache_limiter ("private"), it solved all his problems with IE6. Again this may help some one but it didn't fix the problem for me.
Finally I had a suggestion that IE6 doesn't like server names with underscores in them. Our servers are all named along the lines edm_bfhxx_fp002, so I changed the web server to have a virtual host named edm-bfhxx-fp002 and BINGO everything sprung to life. So it appears that IE 6 willno accept sessions, cookies etc from a server that has underscres in it's name.
Nice of them to leet us know eh!!
Hopefully one of the above will also fix your problem, Marko.
THanks for all you help.
Paul
***********************************************************************
This email and any attachments transmitted with it are confidential
and intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error please
notify the sender and do not store, copy or disclose the content
to any other person.
It is the responsibility of the recipient to ensure that opening this
message and/or any of its attachments will not adversely affect
its systems. No responsibility is accepted by the Company.
***********************************************************************
|
|
From: marko <mk...@mc...> - 2004-07-01 06:51:35
|
Hi Paul,
> The second suggestion I got was from some one who suggested that when he
> set the session_cache_limiter ("private"), it solved all his problems
> with IE6. Again this may help some one but it didn't fix the problem
> for me.
good hint, haven't tested that. But I'll keep it in mind for the future.
> Finally I had a suggestion that IE6 doesn't like server names with
> underscores in them. Our servers are all named along the lines
That sounds quite typical... ;) OK, good to know.
So the underscore thing was your problem then... Funny.
> Hopefully one of the above will also fix your problem, Marko.
As I said, my problems with IE6 had been fixed since I used PHP 4.3.7!
4.3.1 had beeen mainly the reason! The quirks concerning downloading of
php files (instead of executing them when accessing the server with
FireFox) vanished, miraculously.
So, eventually, after half a year, this problem is solved. Good to know
that I can shift my re-coding of my phplib-based app further into the
future! :)
Greetings,
Marko
|
|
From: Layne W. <la...@dr...> - 2004-07-02 01:10:09
|
> Finally I had a suggestion that IE6 doesn't like server names with > underscores in them. Our servers are all named along the lines > edm_bfhxx_fp002, so I changed the web server to have a virtual host > named edm-bfhxx-fp002 and BINGO everything sprung to life. So it > appears that IE 6 willno accept sessions, cookies etc from a server > that has underscres in it's name. Unless the rules have been modified in the last couple of months, underscores have never been valid characters for a domain name. Layne Weathers |
|
From: Nathaniel P. <np...@te...> - 2004-06-21 16:48:53
|
On 6/21/2004 9:25 AM, pau...@mo... wrote : >Marko > >Many thanks for the reply. > >I have done some more digging and found that IE6 implements the P3P privacy policy: > >http://www.oreillynet.com/pub/wlg/1539 > >"MSIE 6 has an inaccurate definition of third party cookies. If your domain is hosted on one server and your PHP stuff is on another, the IE6 P3P implementation considers any cookies sent from the second machine "third party". Third party cookies will be blocked automatically in most privacy settings if not accompanied by what MS considers "an appropriate Compact Policy". > >This appears to break the cookies and so breaks the sessions. The page suggests adding a header immediately before the cookie, ie: > >header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); > >Does any one have any thoughts on where best to put this? Presumably in session4.inc? Or would it be better in the page itself? > > I was going to email and suggest you look into P3P, but it looks like you've already figured that out. :) Anyway, if you want sessions to work, you'll need to make sure that this header is sent before the cookie used for sessions is sent. session4.inc is probably the best place for this, but be aware that this issue affects all cookies sent to IE6, so if there are sections of your site that doesn't use PHPlib, make sure to use the header there. If you want to put the header into session4.inc, the best place for it would be in the function put_headers(), before the switch statement, or (if that doesn't work, for some reason), in the function start() before the call to set_tokenname(). This will guarantee that the header is sent whenever PHPlib sessions are used. Another possibility, if you want this to be applied sitewide, would be to create a simple PHP file with the header() function in it, and then use the auto_prepend_file configuration in php.ini or in the Apache configuration to always execute this code anytime a PHP file is proccessed. -- ___________________________ Nathaniel Price http://www.tesserportal.net Webmaster |
|
From: marko <mk...@mc...> - 2004-06-22 08:21:34
|
Hi Nathaniel and Paul,
I tested your proposal and inserted the line
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
as my first statement in my script. BUT still it doesn't work! IE wouldn't
handle the session.
Marko
|
|
From: marko <mk...@mc...> - 2004-06-22 11:00:27
|
Paul, did you test your servers with IE6 and phpmyadmin (in case you have mysql running)? IE6 and Firefox worked in my case without trouble, though they also use session cookies. Marko |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X