We found a strange behaviour of sessions in one of our projects, running DotKernel version 1.5.0.
It is similar to the one described here.
In unknown circumstances, and only in IE8 and IE9, the session cookie is not saved on the client machine, and the user needs to log in over and over again. I was able to reproduce that behaviour once, on our staging server, and the only way to fix that was to open a new tab with the same page (?!?!?)
Anyway, it is still an enigma. So I started to investigate the Dot_Session class, and noticed that the session cookie is generated 3 times!! See this bug report.
I noticed that we use both the regenerateId() and rememberMe() methods of Zend_Session, which is not necessary.
Quote from ZF documentation:
If you call the rememberMe() function, then don’t use regenerateId(), since the former calls the latter. If a user has successfully logged into your website, use rememberMe() instead of regenerateId().
So I removed the regenerateId() call, and also added 2 new settings in application.ini related to the session: use_only_cookies, which must be ON all the time in order to avoid session fixation, and remember_me_seconds.
Those small bug fixes will be included in the new DotKernel version 1.5.1, which will be released in the next few days.
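The change described above, sketched as an added example (this is not DotKernel's Dot_Session code). It assumes Zend Framework 1 is on the include_path; the example_* function names and the example_auth namespace are hypothetical.

```php
<?php
// Added example, not DotKernel's own code. Assumes Zend Framework 1 is on
// the include_path. All example_* names are hypothetical.
require_once 'Zend/Session.php';
require_once 'Zend/Session/Namespace.php';

// Apply the two session settings before the session starts.
// $rememberMeSeconds stands for the remember_me_seconds value from the config.
function example_configure_session($rememberMeSeconds)
{
    Zend_Session::setOptions(array(
        // Take the session ID from the cookie only, never from the URL, so an
        // ID planted in a link is not accepted (session fixation).
        'use_only_cookies'    => 1,
        // Lifetime applied by rememberMe() when it is called with no argument.
        'remember_me_seconds' => (int) $rememberMeSeconds,
    ));
    Zend_Session::start();
}

// Before: both calls after a successful login. rememberMe() already calls
// regenerateId(), so the ID is regenerated and the cookie is sent again.
function example_on_login_success_before($userId)
{
    Zend_Session::regenerateId();
    Zend_Session::rememberMe();
    example_store_user($userId);
}

// After: rememberMe() alone. It sets the cookie lifetime and regenerates the
// session ID, which is what a login (a change of privilege) requires.
function example_on_login_success_after($userId)
{
    Zend_Session::rememberMe();
    example_store_user($userId);
}

// Keep the authenticated user in a dedicated session namespace.
function example_store_user($userId)
{
    $auth = new Zend_Session_Namespace('example_auth');
    $auth->userId = $userId;
}
```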
TIP
If you encounter the same issue in IE8 and IE9, then, with all regret, you need to deactivate the rememberMe() and regenerateId() method calls.