[Catalyst] Re: Session Problem with IE

Octavian Rasnita orasnita at gmail.com
Mon Mar 26 15:02:42 GMT 2007 

From: "Fayland Lam" <fayland at gmail.com>

> wp wrote:
>> hello everyone, i'm new from china, i must say this mail-list helped me
>> a lot.
>>
>> I have a problem in using Session in catalyst;
>>
>> I use plugins as follows:
>> Session
>> Session::Store::FastMmap
>> Session::State::Cookie
>>
>> This problem happens when i call "delete_session" method in
>> "logout"(this is my own action).
>>
>> When I test with firefox, there is no problem.
>>
>> but when i test the website in IE, after "logout", session is deleted on
>> the server side, but the cookie on the client is still exist. So I can
>> not login again.
>
>
> well, in Session::State::Cookie, I see something like set the expires as
> 0 (means it will expire after browser closed).
> maybe I should suggest to change the sessionid as '' instead of set
> expire as 0?
>

Yes, it would be better.
I also have a similar issue.

I have set the expire time of the cookie to 0 and the expire time of the 
session to 2 hours.
After those 2 hours expire, when the user accesses the site, the session is 
expired and it prompts the user for a username and password.

This is OK, but if the user tries to login in that moment, he cannot do it, 
no matter how many times he tries.
For beeing able to login, he must first delete the IE cookies.

I have verified, and after the session is deleted, the cookie is still sent 
by the server application, however, cookie_expires => 0 has a different 
effect. It doesn't send a cookie without an expiration date (a session 
cookie) but it sends a cookie with the current date and time as an 
expiration date.

If the time set on the server is the same as the time set on the client 
computer, there is no issue, because that cookie will not be sent by the 
browser to the server (it is already expired), but if the time on the server 
is ahead with a few minutes, that cookie is stored by the browser on the 
client's hard disk, and it is sent to the server if the user tries to login 
in those minutes.

I don't know what happen on the server, but it doesn't work right. I think 
that the application should see that the session with the id specified by 
the cookie has expired, and it should let the user in if the login went 
successfully.
However, the user cannot login, and it needs to wait until that cookie 
expires, or go and delete all the browser cookies manually before logging in 
again.

It should be very good if this bug could be solved, and if more details or 
tests are needed, I could help.

Octavian

More information about the Catalyst mailing list