Search code examples
phpinternet-explorersessionkohanakohana-3

Kohana 3.3 - Sessions not set in IE

Having an issue with Sessions not being set in Kohana.

Situation overview:

  • Kohana 3.3
  • PHP 5.3.x
  • Using database sessions
  • Chrome, Firefox, Safari(OSX) are all working correctly.
  • Internet explorer- sessions are not being set- on versions 8-10 (testing with dev tools emulation)
  • Session is not even created in the database, which also happens when no encryption key is set (coincidence?)
  • Possible curveball- Server is behind a load balancer. Persistence is on and working, and this is actually the only server behind that load balancer so persistence is an unlikely culprit.

I've dug through the code a little, but cant find anything that would cause this to be an issue just for IE.

There are no dreaded underscores anywhere in the URL or hostname, and regardless of what I set the Cookie::$domain to, the result is the same.

session.php settings file:

return array(
    'native' => array(
        'name' => 'session_native',
        'lifetime' => 43200,
        'encrypted' => TRUE,
    ),
    'cookie' => array(
        'name' => 'session_cookie',
        'encrypted' => TRUE,
        'lifetime' => 43200,
    ),
    'database' => array(
        'name' => 'session_database',
        'encrypted' => TRUE,
        'lifetime' => 43200,
        'group' => 'default',
        'table' => 'sessions',
        'columns' => array(
            'session_id'  => 'session_id',
            'last_active' => 'last_active',
            'contents'    => 'contents'
        ),
        'gc' => 500,
    ),
);

Have set Session::$default = 'database';, though doesn't seem to be related to the IE-only issue. Have also tested with native sessions, same result.

Any thoughts or insights? Feel like I'm missing something completely obvious

Solution

  • SOLVED:

    Turned out to be a missing Compact privacy policy. IE had stricter privacy settings by default, adding the below header fixed the issue (not ideal but doesn't require making an entire P3P file). 

    /**
 * Added for P3P cookie support
 */
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');