I have a login setup on a site that stores login information in PHP’s $_SESSION, and additionally sets a two-week cookie with login information if a checkbox is checked. The user is considered logged in if valid login information is either submitted by POST or either cookie is true.

The behavior on FF3/Chrome is as intended, at least with the “Remember me” checkbox checked: log in anywhere and everywhere on the site you are treated as being logged in.

However, someone working with IE6 said that she logged on one place, clicked around on links to other sections of the site, and was asked to log in again. I ran into some trouble with my (Multiple IE) IE6, but I reproduced similar behavior on IE8, including setting Advanced Privacy Settings->Always allow session cookies, and otherwise set cookie permissions to be as tolerant as I could. The behavior was identical: log in one place in a way that should set both _SESSION and the two-week cookie, click on links to another pages, and the page presents you with a login screen because it doesn’t recognize you as logged in. PHP is 5.2.8 on a Gentoo server.

Any suggestions or resources to getting recognized cookies?

—

[Added after checking on traffic with Fiddler:]

Thank you; I have downloaded Fiddler 2.

Fiddler is reporting Set-Cookie: [name]=deleted… on the logouts in question. I’m presently puzzled as to why. The included file that checks and displays a login screen only has one area where it can delete the relevant cookies, inside a conditional if $_GET[‘logout’] is set. I didn’t see that happening, and when I put an error_log() statement inside the conditional before the statements to delete cookies, no additional messages appear to be being logged.