The Setup:
Testing a rich web app built with CakePHP and heavy on JavaScript and AJAX, with a MySQL/Apache backend. The site is a typical login/password entry (non-SSL) with sessions managed by PHP and additional info saved via cookies. We support the main versions of IE, FF, and Safari on the PC and Mac.
The Bug:
One particular user was experiencing her session being killed almost immediately after logging in within IE8, but not on FF or Saf. She would log in, click no more than two links within the site, then get booted out by the third link with our standard "Please log in" message displaying.
No other user within our system was experiencing this issue, and with my various test logins and data I also could not reproduce this behavior.
Going Hunting:
After being unsuccessful at recreating this bug, I managed to get in touch with our distressed user to perform a screen-sharing session with her and witness the issue firsthand while asking questions. I noted her particular user login information, made sure her cache and cookies were cleared, and retested, all to no avail.
Using the same exact information and browser version on my own machine I still could not recreate the issue, so at this moment the warning signs were unmistakable: we have an environmental issue on our hands. Some setting, plugin, or other browser configuration was causing (or contributing to) this error.
Armed with this info, the developer gets involved and adds additional logging functionality to capture more info, while we continue to have her recreate the problem. Still not seeing anything obvious, the developer and I go off to research and continue the investigation.
The Solution:
I found this article describing IE rejecting sessions under certain circumstances, plus the possibility that a server/client timezone conflict might contribute to the issue. No go - our server's and client's timezones were correct.
Additionally, no clear settings on IE8 contributed to this behavior: compatibility settings, security settings, and other configurations made no difference in triggering the desired effect.
Further research by the dev unveiled the relationship between a plugin the user had installed and IE. She was using the Google Chrome plugin for IE which has some known bugs in regards to sessions:
After adding the plugin I recreated the unexpected logout behavior myself, and noted the plug-in display within the configuration section of IE.
After discovering the source of our issue, the developer put in a fix to allow the Chrome plug-in to play nicely with our code, and the issue is resolved. This (and checking for all plug-ins) will certainly be on my radar for future bughunt mysteries!