• Categories

  • Archives

  • Internet Explorer ignoring cookies…why?

    Published August 26th, 2016

    Wow, five years since my last post? Anyway…

    A short post, although it took me a couple of hours to solve this one…

    While working on a local development version of a web site project, I found that for some reason I was unable to log in to my CMS when testing with Internet Explorer. For the life of me I couldn’t work out what was going on — everything seemed to be working as it should, except that for some reason IE was regenerating its session cookie on every page load.

    I tried everything I could think of, to no avail, until I stumbled this obscure response on StackOverflow. The reason in the end was very simple: IE doesn’t like underscore characters in domain names (although the answer incorrectly suggests that hyphens are problematic, too).

    Fair enough, IE is adhering to the relevant RFC standard but to do so by silently ignoring cookies is just absurd. If it doesn’t support domain names with this character, surely it should just reject the whole site and give an error (e.g. “domain name contains illegal characters”)?


    Internet Explorer, HTTPS and file downloads: “The file could not be written to the cache”

    Published August 17th, 2011

    [Please see update below for a proper fix]

    Today I received an email from a client that had just moved their site over to SSL (i.e. HTTPS) — they were no longer able to download files in Internet Explorer. When they tried to do so, a message would appear:

    Unable to download...[file name]

    The file could not be written to the cache

    (an alternative error message is “Internet Explorer cannot download [file name] from [site].
    Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.”)

    I tried various suggestions: different response headers, settings to do with saving encrypted files, and even tried (and failed) to install a couple of hotfixes.

    In the end, I’d nearly given up when I found this knowledgebase article and decided to have a go at manually adding the BypassSSLNoCacheCheck registry key.

    Short story, it worked. It’s not great since it requires the user to do something — I couldn’t fix it server-side — but it was OK in this case because the site was an intranet so their IT people could sort it. Anyway, I hope this helps someone else out there…

    UPDATE: OK, after a lot more experimentation I found a proper solution that doesn’t involve registry updates!

    It’s a long story but it turns out that PHP was automatically sending an extra header (“Pragma: no-cache”) that I hadn’t noticed. So, I set the headers as follows:

    header("Cache-Control: private");
    header( "Pragma: private" );

    …which overrides the automated headers and appears to solve the problem. Hurray!

    Using .htaccess to suspend an entire site while still working on it

    Published March 3rd, 2011

    Sometimes, when you’re working on a web site, you need to make some changes that could cause problems if there is someone else using the site at the time. The obvious solution is to suspend the site — e.g. put up a ‘this site is down for maintenance’ page — but how do you do this while still being able to view and work on the site yourself?

    In fact, it’s really quite easy, using .htaccess. Simply put, you use mod_rewrite to redirect all requests to the maintenance page, unless the user’s browser has a particular cookie.

    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !^.*secret-cookie.*$ [NC]
    RewriteRule .* maintenance-page.html [NC,L,R=503]

    Clearly you can change the name of the cookie from ‘secret-cookie’ to whatever you like. Its value isn’t important. And of course, you can change the name of your maintenance page.

    Update: as suggested by Michael, below, I’ve added the R=503 status code to indicate that the service is temporarily unavailable.

    Now you just need to create the cookie in your browser. Personally I use the FireCookie extension for Firebug which makes this very easy.

    That’s it!

    FireQuery: a Firebug add-on for jQuery

    Published February 4th, 2011

    If you work with jQuery, then I don’t think I need to explain why a plugin that shows you any jQuery-related properties of a DOM element would be useful — so go on and get it here. Of course you’ll need to have installed Firebug first (which you should have anyway, duh).

    Generating PDFs in PHP

    Published December 2nd, 2010

    For several recent projects I’ve been called upon to produce output in PDF format. For a PHP coder the difficulty lies not in the task itself, but in choosing which of the numerous PDF generation libraries to use.

    I’ve tried several over the past 18 months or so, including FPDF and TCPDF. TCPDF is a direct wrapper for PDF functions, which means getting your head around PDF’s layout behaviour — powerful but rather time-consuming. TCPDF does the same but also provides the ability to import HTML documents — much easier, but unfortunately not as stable as one might hope: in particular I had problems with elements (e.g. tables) that spanned pages.

    For my most recent project I’ve been experimenting with dompdf, which does away almost entirely with the notion of directly interacting with PDF layout in favour of attempting to provide more robust and flexible HTML import. As such it has impressively advanced CSS support, as well as excellent handling of tables and other markup. The documentation is somewhat lacking so in some cases it’s necessary to dig around in the support forum to find out what you need. But so far I’d say it’s by some margin the best of the libraries I’ve tried.