Cookies and Frames

timbr8ks

I built a site for a client that works great. The login sets a cookie and then subsequent pages read that cookie -- you can get to those pages only if the cookie exists. The usual stuff.

However, when the client launched the site, he put it in frames. The initial frame and the actual site are on different virtual servers. Now the cookie won't work.

I'm setting the cookie like this:

[SQL Query to look up user]
$row=mysql_fetch_array($result);
$id=$row[person_id];
setcookie ("cookie_name", $id, 14400);

On the next page, it does not find the cookie. I've tried adding paramters, like this:

setcookie ("cookie_name", $id, 14400, "", "actualsitename.com");
or
setcookie ("cookie_name", $id, 14400, "", "framesitename.com");

but that does not work.

Can anyone suggest a solution?

Thanks.

AstroTeg

A cookie will only be available to the domain that set it. So if you're on domain X and you try setting or reading a cookie in domain Y, it won't work. The browser will know better.

Although I'm kind of surprised it didn't work when the user put it in frames.

This one could be a tough one to troubleshoot. I'd say put the code back to how you had it working. Then create a dummy frame page and put your page in a frame much like how this guy is doing it. See if you're having the same problem. For giggles, double check the browser and OS and make sure they're somewhat up to date.

When troubleshooting, check the domain name the cookie gets stored under. Its also very possible the browser is bouncing the cookie since the cookie is coming from domain X but the browser thinks its from domain Y.

timbr8ks

I did exactly what you suggested already, and sure enough the site did not work. I created a frame on one virtual server, calling the site located on a different virtual server. No dice.

How do I check the domain the cookie is being stored under?

If this is not going to work, do you have any other suggestions?

Thanks again.

AstroTeg

Hmm... JavaScript. On the body's onLoad, set it to check if the page is in a frame and have it break out. http://www.irt.org probably has code to do this (look for JavaScript and then FAQ and then frames).

That might work for you, but I don't know if that's an acceptable solution. I think if you have to keep the frames, you may have to pass a session ID around on the URL. Not pretty, but it should work and PHP should be smart enough to do all the ID inserting for you...

timbr8ks

Thanks again.

I did try switching to sessions, but that did not work. I did not try passing it through the URL, however, as we're in frames, and I didn't think I could.

I'm not familiar with this solution. How do I tell the page to put the session info in the URL?

Your help is really appreciated.

AstroTeg

Check out:

http://www.php.net/manual/en/ref.session.php

And then on that page, check out:

session.use_cookies
session.use_only_cookies

I'm wondering if you can set those to not use cookies and force PHP to use the URL parameter approach instead. If you don't have access to php.ini, there's a way to set those in .htaccess. I don't have the link that shows how to do it (at least at this moment)...