I've tried searching and couldn't find the answer to my problem. I am using sessions to give users access to restricted pages.
When they login, their info is checked against the database and if that passes, a sessions is started and some session vars are initialized with some data. Using http headers, they are redirected to the restricted page where the session is checked before it will load the page. I understand that not all users support cookies, so I am using SID in the query string.
Throwing some echos in there, I found that SID is not set indicating the cookies got set. Before they are redirected, the variables are there. When I check for the variables on the restricted page they are not set and the SID is not in the query string.
I have just moved to a new host and my code worked on the old host. I've tested it with Firefox and IE6 and both had cookies enabled. Below is a snippet of the code used to start the session and redirect to the secured page.
// initiate a session
session_start();
// register some session variables
$_SESSION[SESSION]=1;
// including the user ID
$_SESSION[SESSION_UID] = $this->UID;
// redirect to protected page
$sessionID = strip_tags(SID);
header("Location: $this->restrictedPage?$sessionID");