Redirect Losing Session in IE, FF

Greetings,

I’m not quite sure if this is a bug in Yii, or a problem with Firefox 3.6/4 or IE 7/8/9.

I have a model which connects to an external API for a Shift Management company. As part of my authentication process, I authenticate against their servers and store the authentication response inside of Yii’s session (the API does this all automatically).

After successfully authenticating against their servers I redirect the user to one of two pages, both which require the session data to bet set and saved.

My login controller looks like this.




	public function actionLogin() {

		$this->layout='//layouts/column1';

		$model=new LoginForm;


		// collect user input data

		if(isset($_POST['LoginForm']))

		{

			$model->attributes=$_POST['LoginForm'];

			// validate user input and redirect to the previous page if valid

			if($model->validate() && $model->login()) { 

				if (Yii::app()->user->getState('firstLogin') == 1)

					$this->redirect(array('/firsttime'));

				$this->redirect(Yii::app()->user->returnUrl);

				}

		}

		// display the login form

		$this->render('login',array('model'=>$model));

	}



In Chrome 10.0.648.151 and Safari 5, $this->redirect(); successfully passes the session data to the next page. However in Firefox 3.6/4 AND IE7/8/9 the redirect loses the session. I can see in the debug consoles for both Firefox and IE that the session has been created and a cookie has been stored but the data ends up getting lost on the redirect.

If I remove the redirect, and cause my login controller to render the page, and then manually go to the page it is suppose to go to then the session sticks and I can proceed with what I was doing.

From what I can tell, Yii is losing the session data on redirect in both of these browsers.

Is there a way that I forcefully pass the session data to the next page on the redirect? The PHP manual for header indicates that I can pass the session via SID constant, but thus far I have been unsuccessful in doing so, as Yii doesn’t seem to be using this SID constant.

I’ve tried disabling both caching systems I have in place and none of the other solutions I have tried have seemed to work. I’ve also been able to replicate this on an XP Box with IE7/8 & Firefox 3.6

Any advice on how to fix this in the meantime?

Client OS: Windows 7 x64

Server OS: Ubuntu 10.04 LTS, Standard LAMP Stack + Memcache & APC

Yii Version: 1.1.6

Hello Charles.

Any news on this one?

I notice quite strange behavior in FF4 and login/logout redirects (i need to submit twice the credentials in order to login, does not logout when the link is pressed).

Is this a Firefox issue or a Yii (I use Yii 1.1.5)?

Thanks

Gerhat,

I’m fairly certain this is an issue with how Firefox 4/IE 9 handles sessions & POST responses. Unfortunately I was never able to get this to work the way I wanted to. I ended up caching the session response from the API into mySQL, and then post-login reloading that data back into the session.

If I recall correctly, doing something other than sessions stuff also helped. When I was just storing the response in session variables, I would lose them - but performing an SQL query seemed to help the session stick. It "feels" like doing something with the data help Yii "remember" the cookie data.

I’m still not certain what is causing the issue, but the I did get what I wanted to work. It’s a roundabout solution and isn’t nearly as efficient as just using session, but it works.

If you find anything more out about this I’d love to hear from you.

Thanks,

Charles Portwood

Hello Charles.

It apears that my issue had nothing to do with Firefox 4 and IE9 after all. The managed dedicated server that hosts my application got updated with this software http://www.varnish-software.com/products-services/varnish-cache in order to handle DDOS attacks. As a result, cached session manifested this strange behavior.

Since googling my issue for too long without any luck I think maybe you should make sure that session is properly handled on your server (write permissions, available memory, php memory limit etc.).

In case these browsers had issues with session handling I guess this would be all over the internet by now.

Thanks a lot for your answer.

Gerasimos

I have the same problem.

How to solve it, please?