Internet Explorer 8 doesn't pass session cookie for ajax request

Question

I have simple php application, it works on all browsers except on IE8 beta 2, problem occurs when I try to update table field using Ajax call (jQuery post method). Using IE8

Answer 1

I don't have IE8 myself, but your cookie might be blocked by Internet Explorer's strange security policies. A possible workaround can be to employ P3P (which is also the method for getting cookies working inside an IFRAME).

Generating the right P3P policy can be a bit of work, but you should be able to find the information you need at http://www.p3ptoolbox.org/

Answer 2

I had the same problem in IE8 RC1:

1)a user goes to the login page and a blank session cookie is set
2)The user logs in and a validated session cookie is set and javascript opens a new window and closes the current window.
3)The new window is opened and contains a blank session cookie.
4)The user is redirected to the login page

I changed step 1 so that the blank cookie was not set - I only send the session cookie if its been validated. This fixed the problem for me.

Answer 3

As a workaround, you can embed the SessionID as a parameter on the uri.

See passing session id in the php manual.

Answer 4

I am having trouble getting IE8 to use SSL Certificates (PK12) files as a means of authorization. If I want to protect a directory and force a matching web certificate to be present in the browser before granting access. It works fine with IE7 and all versions of Mozilla - just not IE8. It has rendered my wife's dictation system useless. One other thing I noticed is that when it sets the PHPSESSID cookie, it list the domain as .net and not mydomain.net.

Answer 5

Yesterday I had similar problem and found the solution. I hope this will help someone else also.

Problem: Suppose there's a website www.somewebsite.com and IFRAME inside it whcih loads php file from my server, www.myserver.com/welcome.php. Website was loading successfully as well as my welcome page and it showed something like "Hello Bob", so it successfully found user and logged him in.

Afterwards my JavaScript was making AJAX calls to another PHP file, and response was kind of in "not authorized" state, so SESSION data was completely missing. After page refresh, everything was working correctly. And this was happening only under IE8!

I thought that problem was with sending session cookies to the server, but when I installed Fiddler, I found that IE8 was sending cookies as well as PHPSESSID correctly, but server was kind of unable to detect correct SESSION object. Another strange thing was that 2nd time server sent following header:

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

but first time no. After adding that header manually in PHP script, everything worked like a charm!

Then, when I googled that "p3p abracadabra", I found following web site:

http://adamyoung.net/IE-Blocking-iFrame-Cookies

Conclusion: Make sure that you're sending the header on every page that sets a cookie.

And this is not only related to IE8 + PHP combination, same problem happens in case of IE8 + ASP.NET, IE8 + JSP, etc.