I have a problem with saving session data with IE9. When users login the session is saved correctly. Now, if they browse through the application, the application stores the pagehistory into the session data (I use this for the applications back button). Unfortunately IE9 does not always save this data into the session (sometimes it does and sometimes it does not). It works perfectly with other browsers.
If you are using PHP, try adding a header like:
//vfranchi - necessary to IE8, so it won't throw a warning
header('P3P:CP="This site does not contain a P3P policy."');
I think this is related to IE8 not saving cookie information when the site doesn't have a explicit privacy policy. I had the same problem and that fixed for me.
Remember this statement needs to be before any output just like session_start()
Solved it by switching off IE8 compatibility mode.
Related
I have developed cloud application in ASP.NET. After every deployment, the portal either shows white screen or shows older version of the application.
Any suggestions would be highly appreciated.
I have already tried:
1) Updating JS version in each deployment (white screen issue was resolved by this)
2) Recycling Application Pool
3) IIS manager->http response header->set common headers->enable web content
4) Restarting IIS(8.5) after each deployment
However, none of these have worked. The application works fine in incognito mode of Chrome browser but not the regular one.
However, none of these have worked. The application works fine in incognito mode of Chrome browser but not the regular one.
As far as I know, if your brower has accessed your web application once, it will store the cache in client side.
If you modify the content and add the response header, it will not re-send the request to the server, it will use the cache page.
To aovid this, the only way is clear the browser's cache or use Ctrl+F5 to refresh the page.
Then if your reponse haeder contains the no-cache next time, the browser will not store the cache again.
A cookie has been set with the SameSite=Strict attribute. When Javascript tries to read the cookie before making an XHR request the cookie seem to be unavailable. But the developer tools show the cookie exists. This problem is happening only in the recent version of Firefox. Not sure if I am missing anything. The domain and the path are set right on the cookie.
Apparently, it depends on how you get to the page that performs the XHR request. If you get there by clicking on a link on another website (say, following a link on your webmail client), the Strict cookies will not be available, even in subsequent XHR requests! This behaviour seems to be different in Firefox than in other browsers.
Some more info you may find here: https://www.netsparker.com/blog/web-security/same-site-cookie-attribute-prevent-cross-site-request-forgery/
I still don't know why, I think it about the firefox behavior, I fixed by using location.replace("") to reload page, but you can also use "lax" or "none" to fix that.
This is for Safari 5.1.4 and 5.1.5 only. It works on older Safari versions.
if you go to:
http://gemal.dk/test/restob.html
and click on the button you get a Online Booking inside a iframe
If you the click on a green day and then a time you are presented with a "Your session has expired".
If you check the cookies you dont have any cookies.
Safari is rejecting the session cookies and this started around the Safari/Google issue where Safari became more strict about 3rd party cookies. Version 5.1.4+
How can I solve this? How can I set the cookies in the iframe?
I send the correct P3P headers. I've tried a lot of things I just cant get it working.
It works in all other browsers than Safari 5.1.4+
Maybe ,The following link would be helpful to you .
http://www.reizbombardement.de/archives/safari-5-1-4-enforces-cookie-policy
Safari 3rd party cookie iframe trick no longer working?
Certainly, To set a cookie for your domain and refresh the opener and then closes,
you must prepare dummy page(ex...safari_cookie_fix.php)
But...
In Our project , We prepare its dummy page as Good-looking(Not bad usability!) loading page.
I experimented a similar problem.
A web "parent" page open my "child" website in a jquery fancybox i-frame cross-domain.
Not problem at all with Explorer, Chrome, Firefox, Opera and even with Safari (5.8.1) on MAC.
But with iPhone, iPad and mini iPad, the session in the i-frame is lost.
That's mean that at every click on an element in the i-frame (web site is in aspx) a new session started.
We solve the problem in a very simple way:
when the parent website start, it call a page in the child site directly (not in an i-frame). In this page I just set a session variable and I redirect to the parent website.
Now when the child website is open in an iframe, the session is kept.
I have a number of sites using Kohana's session handler set to use database sessions. Everything works fine until I turn on Resource Tracking in Safari's Web Inspector. After enabling resource tracking, the page refreshes (normal), but then if I refresh the page twice I get logged out. From what I can tell, the session id/key changes therefore it has no session. Upon watching the storage/cookies area, I can see the session id cookie change immediately.
I haven't been able to reproduce similar behaviour in any other browser, including Chrome (Webkit).
Any ideas what might be causing this?
This appears to be fixed in Safari 5.1, so in other words, no longer an issue. Still love to know why it was happening (in case there's another issue), but for now it's resolved.
I’m investigating a bug in my MVC3/.NET 4 site which runs on IIS7.5 with integrated pipeline that only manifests itself when accessed using IE6.
The process in pseudo is:
Browser requests Page A; server sets
a Session[] value and responds with
the page.
Enter data onto Page A and
http post the form back.
Server tries to get value out of Session[]
previously set in (1) but returns
null >> but only in IE6, 8(.
In IE7, IE8, IE9, Firefox 3.6, Safari 5.0.3, Chrome 10 the same code works without change.
In my global.asax code I put a Session_Start handler in and noticed some strange behaviour.
In IE6 this handler is fired upon every request made BUT the Session.SessionID value remains the same. All the other browsers mentioned above only have this handler fire the first time they make a request. So for IE6 even though the session ID is the same each time it is called it would seem that the fact that it is “start”ing a new session seems to have the effect of clearing the data for the Session ID and starting it again hence the null value.
One theory I had was that because some items on the page (images etc…) would be accessed with HTTP whilst the page itself is HTTPS could be why IE6 is causing this behaviour (new session per protocol perhaps?) but I turned off the code that forced HTTPS to be used on the page in question, so all requests would be HTTP. Unfortunately the same behaviour is still observed on IE6.
After a lot of Googling I found things that said stuff like underscores in the domain can cause this (no underscores present in mine), ensure IE6 is accepting cookies (my test VM was set like to accept all session cookies).
Finally in a last ditch attempt:
I turned every privacy and security setting I could find in IE6 to as low as it would let me
I added my test site (http://<my machine name>/MyApp) to the list of trusted sites
Clear temporary internet files and cookies
Still I get the same issue. I have thought of a way to fix it that involves not using Session for this case but I would rather not make changes due to IE6 when it works in all of the other browsers including decendant versions of IE.
Edit: Some further testing on another page and when accessed via IE6 the session value is correctly retrieved after being stored by access to another page. More specically:
Working Page - Search:
Do a search, results are display and
criteria are stored in session.
Click on one of the results to view it, details page gets criteria in order to build querystring for breadcrumb trail link.
Failing Page - 2 stage login:
Go to 1st stage login page, enter username and password, assuming correct store encrypted http only cookie value with username in.
Redirect to 2nd stage login page, store 3 index values (List<int>) into a "secret" word in Session
Enter 3 characters from a secret word and post back.
Access session to get 3 index values - get nothing.
The reason for the failure is evident due to the observations made in the more generic description above. This is just getting weirder by the minute (and more frustrating).