Believe it or not, I've seen this problem before. I know that IE6 does not like *some* special characters (not sure about the complete list of problematic characters) in the sub domain name portion of the URL such as underscores, etc.

What is the sub domain part of your URL? For example, I've experienced IE dropping and/or mishandling cookies with URLs like this:

Note the underscore. I know it causes a problem for IE6. As I recall, it was especially a problem with HTTPS URLS. Obviously, URLS should conform to the RFC guidelines.

Is there any way around this? Issue? Or is it just the case that IE6/7 won't handle cookies for domains (subdomains) with underscores?


I know I am coming in late to this thread. But I had this exact problem:

I'd be doing something on my website, and then the session variable would completely vanish. No idea what happened, scanned the web for an answer and finally found it:

I am using a link in my code. Something that looks like: <a href="javascript:void(0)" onclick="fn();">Help!</a>

Because the javascript:void(0) was in that link, the server did something when it was clicked, which either reloaded the page or something I haven't been able to determine. My session variable got wiped out.

I then changed that link to a button, something like <button onclick="fn();">Help!</button> and the problem immediately stopped occuring.

Hope this helps!

Try this:

  header('P3P: CP="CAO PSA OUR"');


Thankyou thankyou thankyou thankyou!! This has been driving me crazy for the last couple of days.

I am developing a questionnaire spread over 6 pages and use CakePHP as the framework for it. In this questionnaire I save all the fields in a session variable to pass it over to other pages of the questionnaire. The default PHP setting is to handle session through cookies and the default CakePHP setting is to use PHP's setting. In CakePHP's core.php I've changed the configuration variable to 'cake' instead of 'php' so CakePHP will store the sesssion in a temporary file on my server. And the problem was fixed! You two are my heroes of the week!!


header("Set-Cookie: SIDNAME=ronty; path=/; secure");

header('Cache-Control: no-cache');

header('Pragma: no-cache');

use this on top of the page to fixed IE7

header('location: land_for_sale.php?phpSESSID='.session_id());

use ?phpSESSID='.session_id() to your location : to fixed IE6

answered 1 min ago

header('P3P: CP="CAO PSA OUR"');

Brilliant. Thank you. I was working on a Facebook application and I needed to persist the the "fan" status from page load to page load (the FB signed request only comes in on the first page load). IE7 wasn't working - it was losing the PHPSESSIONID. I added in that header and now it works again.