determining if cookies work on client end

sneakyimp

Is there a way to determine if cookies work on the client end on a single page? I realize you can try to set a cookie and then forward to another page which checks to see if the cookie is set. Is there a way to check cookie functions on a single page?

madwormer2

<?php
if(!isset($_GET['test'])){
setcookie("testcookie", 'test');
header('Location:' . $_SERVER['PHP_SELF'] . '?test=yup');
}
else{
 if(isset($_COOKIE['testcookie'])){
echo 'Cookies enabled';
}
else{
echo 'Cookies DISABLED';
}
}

?>

sneakyimp

i've seen that code before. what i meant to ask is 'Is it possible to see if cookies work within a single execution of a single script?'

The reason I ask is because I'm working on sessions...if the cookies don't work, the session ID must get appended to all local URLs. All the session code I've seen ends up adding session ids to each link on the first page you visit....this could be problematic for search engines because the links might look different each time.

foid025

But if they're session specific pages - like some sort of control panel or what not, then search engines probably wouldn't index them anyways. There's one thing I was thinking... but it's not very efficient. You could make up a bogus cookie name, like say - msn or phpbuilder, and see if the pc has one of those. just keep cycling through 10 or 20 cookies that most people are prone to have, and see if they have it. :S ?

sneakyimp

i'm not certain, but i believe that you are not allowed to check cookies set by other domains? i could be wrong. I'll check into that. that's a good idea though...maybe check some really common/obvious cookies or something like hotmail.com or myspace.com or something. it's not foolproof though.

as for only needing to check in session-specific pages, that's not entirely true. suppose you login to check your personal messages and then go back to the home page? you would need to propagate the session id thru even the home page or the person would have to login each time they leave the session-specific pages.

crazychris

As far as I can tell, you cannot set & check cookies 'for real' without a 2nd page/round trip being involved. You can request that a cookie be set, but cannot confirm if it was or not until you try and get it back again, which is on the 2nd page.

sneakyimp

crazychris wrote:
As far as I can tell, you cannot set & check cookies 'for real' without a 2nd page/round trip being involved. You can request that a cookie be set, but cannot confirm if it was or not until you try and get it back again, which is on the 2nd page.

i think you're right. I am writing a function that will add the session id to relative URLs...i guess I'll just put a bot sniffer in there. i know the googlebot user agent details pretty well. does anyone know how to determine if a particular visitor is a bot or not? I'd like to create comprehensive bot sniffer.