Check If Cookies Enabled - The Definitive Answer?

ClevaTreva

Hi All

If the below works, should I post it in the snippets section?

This is THE definitive method of testing if cookies are enabled on a user's PC, BEFORE loading the page for the user to view. It relies on Java being enabled on the user's PC.

All the other methods I have seen posted DO NOT work because they rely on setting a temporary cookie, and then checking if it is there. The problem with this is that when you set a cookie, you cannot read it until the page has loaded, and thus you cannot check it from the first page the user sees.

NOTE: I have not seen this method used anywhere else, but apologies if someone has done this before, I just couldn't find it!

Somehow, you need to load the page with no content, set the cookie, reload the page, check the cookie and display the page with whatever content is appropriate.

My first attempt reloaded the page with a variable passed in the URL (http://www.yourweb.com/index.php?status=yes). But, IF the user bookmarked this page or noted the variable, they could then bypass my test.

In the end, I used a hidden form with a post method, and used java to submit it. On re-entering the page after reload, a quick $_POST is used to fetch the variable (just in case register_globals is off) and then it is checked.

Your php file:

<?PHP
if ($POST['cookiecheck']) $cookiecheck=($POST['cookiecheck']);
if (!$cookiecheck||$cookiecheck!="yes")
{
setcookie("TEMPCOOKIE", "NOVALUE", time() + 60 * 60);
echo "
<form name=\"hiddenform\" method=\"post\">
<input name=\"cookiecheck\" type=\"hidden\" value=\"yes\">
</form>
<script>javascript:document.hiddenform.submit();</script>
";
exit;
}
else
{
echo "
<html>
<head>
<title>
</title>
</head>
<body>
YOUR BODY TEXT HERE
";
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo != "NOVALUE")
{
include("cookiewarning.inc.php");
}
echo "
MORE BODY TEXT HERE
</body>
</html>
";
}
?>

Trevor 🙂

cyclops

sorry, this is A method, but this is NOT the definitive method
what if the user has disabled javascript ?

cosminb

Another way to check this is to do smth like this:
index.php file of your site

<?php
setcookie('testCookie','ok');
header('Location: startPage.php');
//where startPage.php is the index page of your site
?>

and in startPage.php you write

if ($_COOKIES['testCookie']==='ok')
{
... some code
}
else
  echo '....some error mesage';

HalfaBee

Shouldn't you set the 'testCookie' with a short expire time?

HalfaBee

cosminb

This way the cookie will expire when the session is over. Of course you can set the cookie to expire in 5 seconds or smth like that ...
🆒

HalfaBee

I really hate cookies!

But how does the cookie know the session is over?

HalfaBee

cosminb

the cookie is a file
it doesn't know anything.
the client's browser, on the other hand, know when cookies expire and deletes them.
a session is over when the browser closes.

so by not specifiing an expire date for the cookie the cookie will last as long as the client's browser is opened.

HalfaBee

Yes I know that.
But it still doesn't answer the question.

What time is the cookie set to expire?

You said it was when the session was over, but that could be 1 minute or 20 minutes.

So what is the cookie expire time set to when you do not specify the expire time?

HalfaBee

cosminb

I've reedited my post... I hope that will answer your question

bug

Originally posted by HalfaBee

So what is the cookie expire time set to when you do not specify the expire time?

Cookie will be active until client close browser window

HalfaBee

OK. Thanks for that.

So if I set the time to expire for 2 seconds what happens?

HalfaBee

cosminb

if an expire time will be set the cookie will expire after that if not .... read the above answers.

read this for more examples : http://www.php.net/manual/en/function.setcookie.php

HalfaBee

Thanks for that.

The php manual I have on my PC did not say that 'if not set it lasts a session'

Thanks for the help

HalfaBee

ClevaTreva

Golly, I didn't expect that much interest 😃

As to cosminb's suggestion to go to another file, my argument is that the user can then bookmark that page and thus avoid the check.

My suggestion was for those who needed to keep the user in the index page without them knowing what variable had been used to test.

Of course the cookie can be set to whatever expriy you want, this was JUST an example.

I DID say, right at the outset, that it relied on java being enabled.

But, most importantly, given my needs (and often the needs of other web writers), the method I posted still seems the only way to do it.

NO re-direct to another page.
No way to bookmark the page to avoid the check.
Not looking for a particular cookie, just to check IF they are enabled.

I have seen folks asking for such a method so many times.

All of you have valid points, but does anyone have any alternative method that works to satisfy the 3 conditions?

Trevor

cosminb

Tip to avoid bookmark and skip the cookie test:
You can always check on startPage.php if
$SERVER['HTTP_REFERER'] is index.php.
I'm not checking for a particular cookie, I'm just too see if that cookie has a value. You can use
if ($COOKIES)
instead of
if ($_COOKIES['somecookie'])

As for your first point (no redirection) don't have any ideea for now ... 🙁. Your solution seems better from this point of view.

ClevaTreva

You're right, you could add that check in at the top of the forward to page, and bump them right back if they had avoided the index page!

I will have a look at putting a check for java in the code also, next week maybe.

Trevor