[RESOLVED] Setting cookies

LuiePL

I've been trying to figure out how to use cookies, but nothing out there tells me the setup for putting everything in order in the code. This is what I have so far, but it doesn't work

<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") //If it was posted to set the cookie
	{
		$check = $_POST['set']; //The 'set' is if the user wants to be remembered
		if($check=='ON')
			{
				$name = $_POST['name'];
				$pass = md5($_POST['pass']);
				$cookie_data = $name.'-'.$pass;
				setcookie("user", $cookie_data); //No expiration
			}
		else
			{
				$name = $_POST['name'];
				$pass = md5($_POST['pass']);
				$cookie_data = $name.'-'.$pass;
				setcookie ("user", $cookie_data, time() + 3600); //Expire after 1 hour
			}
	}
echo "<HTML>";
echo "<HEAD>";
echo "<link rel='stylesheet' type='text/css' href='Style.css'>";
echo "<TITLE>Members Only</TITLE>";
require "header.php"; //Page with all the html code for the head and some body
require "body.php"; //Page with all the html code for the body up until:

----- All my login code (Enter name & password, authenticate etc) -----

require "footer.php"; //The rest of the HTML code
?>

bradgrafelman

Have you enabled display_errors and set error_reporting to E_ALL (integer 2047 I believe) ?
Are you getting any sort of PHP warnings/errors ?
Can you post a link to this page for us (or PM me a link if you don't feel comfortable posting a link for the world to see)?
How do you know the cookies don't work? Do you have a referece to $_COOKIE on another page? Don't forget, you can't access the cookie from within that superglobal until the next page load since the browser won't have sent it until then.

LuiePL

I've been getting some help on this. I did try the "error_reporting(E_ALL);" thing and resolved those errors. But I'm trying to figure out how to get the page to load the cookie. Would that include some header modification? I'll send you a pm...

bradgrafelman

Woops, I overlooked one thing - your code here:

setcookie("user", $cookie_data); //No expiration

is incorrect. If you don't specify an expiration time, the cookie will be set to expire immediately, meaning it's a per-session only cookie (once you close the browser window, it's gone).

EDIT: At least, I thought so... it's still finding the cookie data somehow. Hmm.

LuiePL

Sorry about that, it has since been changed to:

if ($_SERVER['REQUEST_METHOD'] == "POST")
	{
		$check = ( isset($_POST['set']) ) ? $_POST['set'] : '';
		$name = $_POST['name'];
		$pass = md5($_POST['pass']);
		$cookie_data = $name.'-'.$pass;
		$expiry = time() + 3600; //Expire in 1 hour

	if ( $check )
		{
			$expiry = time() + 24*365*3600; //Expire after 1 year
		}

	setcookie ("user", $cookie_data, $expiry);
	echo "Cookie Set. Expires: " . date("m/d/Y g:i:s A", $expiry);
	echo "<BR>Time now: " . date("m/d/Y g:i:s A", time());
}

bradgrafelman

Ah, that would be why it's stuck.

Then I'm confused - the cookie is being found just fine (it spits back a "Cookie: BradG-(md5 hash of my password)" message).

LuiePL

Yeah, now it's working for me... in IE6, not Firefox 1.5.0.6 though....

bradgrafelman

EEK! Definitely not a good thing... should be the other way around :p

Actually, I just popped open FireFox, and it seems ot work just fine. If I refresh the index.php page (or even close FireFox) I still see the "Cookie:" debug message with the appropriate info.

LuiePL

I updated the setcookie function to have all parameters set, thinking it might be a problem with that, but to no avail:

		$check = ( isset($_POST['set']) ) ? $_POST['set'] : ''; //The 'set' is if the user wants to be remembered
		$name = $_POST['name'];
		$pass = md5($_POST['pass']);
		$cookie_data = $name.'-'.$pass;
		$expiry = time() + 3600; //Expire in 1 hour
		$directory = "/Directory";
		$domain = "www.mydomain.org";

	if ( $check )
		{
			$expiry = time() + 24*365*3600; //Expire after 1 year
		}

	setcookie ("user", $cookie_data, $expiry, $directory, $domain, "0");
	echo "Cookie Set. Expires: " . date("m/d/Y g:i:s A", $expiry);
	echo "<BR>Time now: " . date("m/d/Y g:i:s A", time());

bradgrafelman

Actually, I would remove the www from the domain so it just reads ".mydomain.org". Also, the "secure" parameter should be an integer (well, the param list in the manual says bool but the table below on that page says 0 or 1, so who knows..).

As I said, the cookie works just fine for me in Firefox, so it might be a browser configuration error you're running into. Try going to the "Privacy" section under Options. Is the box "Allow sites to set Cookies" checked? Are either of the other boxes checked? What is the dropdown box set to?

LuiePL

I ended up having to clear the cookies for it to work properly, but it is now. Now I'm off to work on the logout, so it clears the cookie properly.

PS - I'm going to delete your account, now that we know it works. Thanks for your help!

bradgrafelman

LuiePL wrote:
PS - I'm going to delete your account, now that we know it works

Aww, I don't get to keep my membership? Only kidding, of course :p

Logout should be easy... just set the expire time in the past by at least an hour (just to make sure). Don't forget to mark this thread resolved (if it is)!

LuiePL

Not quite resolved yet... I don't know what I'm doing wrong, but I thought clearing cookies was easier. This is my code at the top:

if (isset($_COOKIE['user']))
	{
		setcookie ("user", "", time() - 3600);
	}

bradgrafelman

Here's a quote from the manual:

Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string, or FALSE, and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client.

LuiePL

I threw this code into the top of my "Logout.php" page, and it works in IE^ but not Firefox:

$expiry = 1;
setcookie('user', '', $expiry);
header('Location: http://www.mydomain.org/Directory/index.php');

bradgrafelman

As it should. You need to re-read my previous post...

Cookies must be deleted with the same parameters as they were set with...

LuiePL

Moved it to a subdomain, and set it up to use the same setup as the initial set, and it's working in both firefox and IE.