Bug in IE9: twice sent cookie is removed
I found a strange bug in Internet Explorer 9, which appears in the last
version 9.0.8112.16421. If the same cookie is sent twice, once with the
expiration at the end of the session and once with any other expiration, IE9
will remove cookie. Webpage must have a strict doctype.
Example:
<?php
// expire at the end of the session
setcookie('test', 'value', 0);
// expire in 1 hour
setcookie('test', 'value', 3600 + time());
// switch browser and document mode to IE9
?>
<!doctype html>
Is cookie set? <?php echo isset($_COOKIE['test']) ? 'yes' : 'no' ?>
Try to open this example in IE9 and refresh: cookie will not be set.
Solution is to remove older cookies after sending new one:
$headers = array();
foreach (headers_list() as $header) {
if (preg_match('#^Set-Cookie: .+?=#', $header, $m)) {
$headers[$m[0]] = $header;
header_remove('Set-Cookie'); // requires PHP 5.3 or newer
}
}
foreach ($headers as $header) {
header($header, false);
}
Bug is fixed in Nette Framework.
Komentáře
Martin Štěpař #1
Is if platform specific? I use Windows 7 Professional SP 1 and the same version of IE, and everything is fine.
Kazzan #2
Pokud je k tomu reprodukovatelný test case, doporučím prodiskutovat s vývojáři IE v rámci zpětné vazby (bug report) na http://connect.microsoft.com/
Tento článek byl uzavřen. Už není možné k němu přidávat komentáře.