Session variables not getting set but only in Internet Explorer and not on all machines

Logging into a site I'm working on functions as expected on my local machine but fails on the remote server but ONLY in Internet Explorer. The kicker is that it works in IE locally, just not on the remote machine.

What in the world could cause this? I have stepped through the code on the remote machine and can see the entered login values being checked in the database, they are found and then a login function is called. This sets two $_SESSION variables and redirects to the main admin page. However, in IE only (and not when run on local machine... this is key) the $_SESSION variables are not present by the time you get to the main admin page. var_dump($_SESSION) gives me what I expect on every browser when I am running this in my local environment and in every browser except IE 6, 7 and 8 when run on the remote server (where I get a开发者_运维技巧 null value as if nothing has been set for $_SESSION).

This really has me stumped so any advice is appreciated.

For an example... in IE, run locally, var_dump gives me:

array
'Username' => string 'theusername' length=11
'UserID'   => string 'somevalue' length=9

Run on the remote server (IE only... works fine in other browsers) var_dump gives me:

array(0){}

Code (a minimal example... though really a code example isn't needed with this issue):

$User = GetUser($Username, $Password);
    if ($User->UserID <> "") { // this works so we call Login()...
        Login($User); // this also works and gives expected results. on to redirect...
        header("Location: index.php"); // a var_dump at index.php shows that there is no session data at all in IE, remotely.
    } else {
        header("Location: login.php");
    }


function Login($data) {
        $_SESSION['Username'] = $data->Username;
        $_SESSION['UserID'] = $data->UserID;
// a var dump here gives the expected data in every browser
    }

EDIT: Solved this. It was the fact that the domain name on the testing server had an underscore in it. No idea why and don't have time to Google for it right now but the underscore, named something like some_client.ourcompany.com, was the problem. Gotta love Internet Explorer... it's like a passive aggressive co-worker that you simply cannot avoid.

Putting this in as an answer (suggested by user tuzo) to make it easier to find. Solved this. It was the fact that the domain name on the testing server had an underscore in it. No idea why and don't have time to Google for it right now but the underscore, named something like some_client.ourcompany.com, was the problem. Gotta love Internet Explorer... it's like a passive aggressive co-worker that you simply cannot avoid.

Taken from another SO answer... explains exactly what's going on: Does one of the subdomains use an underscore ? IE has problems accepting cookies from subdomain's that dont follow the URI RFC. (http://www.ietf.org/rfc/rfc2396.txt)

Check the value of session.cookie_domain in your php.ini file. If that value is set, make sure it's what you'd expect. That's the biggest thing I can think of which could behave differently locally vs remote.

Also, if you have a value set to session.cookie_lifetime, try commenting that line out in your php.ini. I saw some peculiar behavior with IE when I dropped a value in there.

Here's a quickie session checker. If you reload the page and keep seeing new values for the token, you're not getting a persistent session. Then you can definitely blame the server/PHP config and not your code.

<?php
session_start();
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = sha1(uniqid(rand(), true));
}

if (!empty($_POST)) {
  $_SESSION['hi'] = preg_replace('/[^\w ]+/','',$_POST['hi']);
  header("Location: index.php");
  exit;
}

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Session test</title>
</head>
<body>

<h1>How's that session doing?</h1>
<p>Message: <?=htmlspecialchars($_SESSION['hi'])?></p>
<p>Token: <?=htmlspecialchars($_SESSION['token'])?></p>


<form action="index.php" method="post">
<fieldset>
  <label for="hi">What do you have to say?</label>
  <input type="text" name="hi" id="hi">
  <input type="submit" value="Submit">
</fieldset>
</form>

</body>
</html>

"It was the fact that the domain name on the testing server had an underscore in it" This is absolutely true. This post was found after spending more than 3 hours to sort out the same problem. Many thanks to gaoshan88

Try putting session_start(); at the top of the page you are making the sessions in. and check if you assign the session vars the right way:

$_SESSION['SESSION_NAME'] = 'sessionValue';

We've had the same issue, however it was not the server name characters but the server time that wasn't right. This caused our session cookies to be invalid instantly in IE while it worked on other browsers.