NYCPHP Meetup

[nycphp-talk] PHP and MSIE 6.0

Hans Zaunere hans at nyphp.org
Mon Feb 3 22:50:59 EST 2003


--- betenoir at echonyc.com wrote:
> >--- betenoir at echonyc.com wrote:
> >> After testing fairly thoroughly we have discovered that
> >> IE6 is remarkably inconsistent in how it passes cookies
> >> and form data from page to page.
> >
> >I'm not sure what inconsistencies you are speaking about,
> >but perhaps your observations are related to third-party
> >cookies from sites that are not P3P-compliant. I believe IE
> >requires (by default) P3P compliance from third-party sites
> >wishing to set a cookie.
> 
> Are you referring to having a privacy policy? We've done that.  But it's
> not the third party that's setting the cookie. The problem is retrieving
> the cookie that we set when we return to our domain *from* the third party.
> 
> >Maybe that helps explain something.
> >
> >> It is better at $_POST info but a long way from
> >> reliable. It is less reliable when it comes to cookies.
> >
> >I am not sure what inconsistency you are noting with IE and
> >form variables, but I expect that you will ultimately
> >identify something in your code rather than in the browser.
> 
> I am prepared to accept that possibility. However we have had a probem that
> when posting from form_input.php to review_form.php
> 
> In the former I've registered name, address, item_number.
> <?
> 	session_register('name');
> 	session_register('address');
> 	session_register('item_number');
> ?>
> 
> And posted from a form
> 	<input type=text name=name>
> 	<input type=text name=address>
> 	<input type=text name=item_number>
> 
> to review_form.php
> 
> ON the review_form.php page I register the variables as above and create
> the HTML as follows:
> 
> <?
> 	print  "$name <imput type=hidden name=\\"$name\\">";
> 	print  "$address <imput type=hidden name=\\"$address\\">";
> 	print  "$item_number <imput type=hidden name=\\"$item_number\\">";
> ?>
> 
> However  the variables do not appear (print) consistently even though there
> is a javascript error-checking routine on the previous page.
> 
> And submitting the same page 5 minutes later on the same machine under
> identical circumstances has produced different results.
> 
> >If you can reproduce your problem in a very small script
> >that demonstrates the problem, we can probably help more.
> 
> The BIG problem is reading the cookie(s) that I am setting on the
> review_form.php page.
> 
> 	$postString = $_POST;
> 	$cC = 0;
> 	$N100D = "";
> 	$expiry = time() + 60 * 60 * 24 * 365;
> 	foreach ($postString as $key => $value) {
> 
> 		if ($value != "") {
> 			$cienCenas = array ($key => $value);
> 			setcookie($key,$value,$expiry);
> 			$N100D = $N100D . $key . ",";
> 			$N100D = $N100D . $value . ",";
> 		}
> 	}
> 
> 		setcookie('$ciento',$N100D,$expiry);

You really want to set a cookie named $ciento (mind the single quotes)?

The only similar behaviour I've seen is with correctly forming the expire
time.  I've found differant behavior between Mozilla and IE, for example,
although I'm sorry I can't remember exactly what it was.  And since it's a
time issue, this may relate to why it works "now", and not "then."  I'm sorry
I can't remember many details, but here is some stuff I've ripped, totally
out of context, from some old code:

/***  NOTES
   setcookie('psyn',pACK,time()+3600,'/','.nyphp.com',0);
   header('Refresh: 5;url='.pAUTH_URL_LOGIN);

   We need to be aware about DOMAIN and Location stuff.  For instance, we
were getting redirected to www.nyphp.com and so the cookies didn't stick on
the redirect.  And, although there is talk that Location: doesn't work right,
it's been working, although we may run into a case where Refresh: is needed

   NOTE: This doesn't work right under NN 4.7
***/

/** This begins to implement TCP style SYN/ACK seq behavior for session ids
**/

      define('pACK', substr(microtime(),2,8).time());
      if( empty($_COOKIE['psyn']) )
         define('pSYN', 0);
      else
         define('pSYN', $_COOKIE['psyn']);

      header('Set-Cookie: psyn='.pACK.'; domain=.'.PARASITE_DOMAIN.';
path=/');

I've also had better luck using header() and forming my Set-Cookie header
manually.  Hopefully I didn't confuse things,

H



More information about the talk mailing list