cookie problems!

Riley

hey, I'm using a login script and once the script makes sure that username and/or password are not blank and are valid, it creates cookies:

$md5_password = md5($_POST[password]);
setcookie("username","$_POST[username]",time()+30000000);
setcookie("password","$md5_password",time()+30000000);
echo "<meta http-equiv=refresh content=\"5;url=$siteurl/loggedin.php\">";
include("header.php");
print("<i>please wait while you are being logged in</i>");

the cookies must not be working because in my header/template I have a code like this:

if($_COOKIE[username] AND $_COOKIE[password])
{
print("
<a class='toplinks' href='index.php'>home</a> - <a class='toplinks' href='logout.php'>logout</a> - <a class='toplinks' href='filemanager.php'>file manager</a>");
}
else
{
print("
<a class='toplinks' href='index.php'>home</a> - <a class='toplinks' href='login.php'>login</a> - <a class='toplinks' href='signup.php'>signup</a>");
}

the above code does not work for the people who have tested it. they get the regular "signup" menu, not the logged in one. I know that they all have cookies enabled.

to make this even more frustrating, it works for me! it works fine. everything. so what does that mean? how can the cookies work for me, and not them? I've used this exact login script before and it worked fine for everyone. what am I doing wrong this time? 🙁

here's one possibility: the whole page is displayed through an iframe. I'm using FireFox on a mac, but is it possible that for, say, a Windows user using IE the cookies would not work properly because of the iframe?

rehfeld

are you mixing subdomains?

for example

http://foo.com
http://subdomain.foo.com
http://www.foo.com

you CANT set a cookie on one domain and have it work on the others. yes, www.foo.com IS a DIFFERENT domain than just foo.com as far as the browser is concerned

some browsers might allow this based on security settings, this could be why its working for you and not others.

so if the domain name of your frame is not the same as the rest of the site, the cookies will not work like you want.

when setting the cookie, you can tell the browser its ok to share the cookie w/ other subdomains of the same website.

setcookie('name', 'value', time(), '.foo.com');

notice how i put a . in front of the domain name in set cookie. thats how you do it. then the browser will send the cookie to foo.com and any subdomain.foo.com as well

Riley

that makes sense because the script is on a subdomain! so if my site is [url]http://mysite.com,[/url] and the script is on http://login.mysite.com

setcookie("username","$_POST[username]",time()+30000000, '.mysite.com');

should work, yes?

Riley

still having problems. this time I can't even login!

if the cookies are never used outside of the subdomain, can I use something like 'subdomain.mysite.com'? should I use an absolute path?

rehfeld

oops, sorry i goofed. try this

setcookie("username", "$_POST[username]", time()+30000000, '/', '.mysite.com');

i forgot the path parameter comes before the domain param.

you should read the php manual page for setcookie. theres likely other info you may find usefull.