Moshe and all, Thanks for the clarification, you're correct that's how it should behave. The truth is I was mucking with the session_name() and session_id(). I find that if I don't muck, then the cookies are consistent even in IE. However, I have a good reason to muck with these values. I'm serving pages both on a regular website, and also in Facebook canvas pages (using iframes). I don't want the Facebook iframes to share session state with the normal web pages. So I call session_name() and session_id() with custom values. I do this in settings.php, before drupal calls session_start(). According to the PHP documentation, when session_start() is called, updated cookies are supposed to be sent. On reasonable browsers like Firefox this works as advertised. On IE, a cookie is set whose name is session_name(), but its value is not session_id(). I don't know where it's getting the value from. Has anyone else encountered this? Any ideas how to debug it? I'm looking for anything here as I really don't know how to diagnose problems with IE. -Dave On Friday 17 October 2008 11:47:03 Moshe Weitzman wrote:
3) From IE7, the session_name remains the same across all requests, but the session_id() of the initial page request is different from the ajax callbacks. In other words the session cookie's value changes. So $_SESSION is not shared. Is this what I should be seeing?
No. Browser's have a responsibility to always send back cookies to the domain+path that sent them. So if your ajax callback is sent back to the same domain and path as the session cookie, it has to be sent back. check the domain and path of the cookie and ajax callback carefully. You can control what path/domain the cookie gets set on using settings.php (see the comments there). Note that changing that can affect existing user's and their cookies.
[snip]
Screwed up install, or browser, or other.