I have a session based log-in system that is working perfectly when viewed with Chrome, Safari, or Firefox, but generates the same problem when viewed with Internet Explorer 6, 7, 8, or 10 (every IE I've tried - and those have been tried across 8 different computers). The problem is very peculiar: A successful initial login works fine. If you logout, or if on the first try you got the username/password wrong, it seems to lock itself in a state where no matter what you do you will not A) log in successfully, or B) see the prompt that asks if you forgot your username and password.
I am convinced this has something to do with the caching, because when I refresh Home.php it works again. But I can't figure out how to fix it. I've tried directing no cache with meta tags and header calls to no avail, tried replacing Header(Location:) calls, and tried all kinds of goofy suggestions found in posts like increasing cookie lifetime above 21600 and using if ( == TRUE) instead of if (). So now I'm really out of ideas.
Code snippets below.
Home.php:
<?php
$lifetime=6000; //100 minutes
session_set_cookie_params($lifetime, '/');
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
...
if(isset($_SESSION['failedlogin'])) {if ($_SESSION['failedlogin']){?>
<div id="failedlogon"><a href="userreminder.php"><img src="images/loginfail.png" width="193" height="50" alt=""/></a></div>
<?php
}}
...
if($_SESSION['validlogin'] == TRUE) { //if logged in redirect to main.php
printf("<script>location.href='main.php'</script>");
login.php:
<?php
$lifetime=6000; //100 minutes
session_set_cookie_params($lifetime, '/');
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
if ($_POST['loginsubmit']){
$query = mysql_query("SELECT * FROM users WHERE UPPER ( UserName ) = UPPER('$user') and Password='$pass' LIMIT 1") or die(mysql_error());
$userdata = mysql_fetch_array($query);
$num_rows = mysql_num_rows($query);
if($num_rows == 1)
{
$_SESSION['validlogin'] = TRUE;
$_SESSION['username'] = $userdata['UserName'];
$_SESSION['userid'] = $userdata['ID'];
$_SESSION['failedlogin'] = FALSE;
unset($_SESSION['failedlogin']);
}else{
$_SESSION['validlogin'] = FALSE;
unset($_SESSION['validlogin']);
$_SESSION['failedlogin'] = TRUE;
}
}
printf("window.location.replace('Home.php')");
main.php:
<?php
$lifetime=6000; //100 minutes
session_set_cookie_params($lifetime, '/');
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
if ($_SESSION['validlogin'] == '' || $_SESSION['validlogin'] == FALSE){ //not a page to be on if you're not logged in.
header('Location: Home.php');
die();
}
I really can't find anything of value on the boards about this. I tried checking to see if the session cookie was changing after failed logins and it looked like they remained constant.