Cookie set, but not initially showing...

netfrugal

Situation:

I am setting the cookie just fine. And my PHP pages are retrieving the cookie variable just fine too.

However, it's the very First cookie variable retrieval that does not show!
But, if I refresh the page, then it will show.

Layout:

I have one page for logging in. The form asks for username and password ( as always ).

If authenticated from the db, it redirects back to itself to show the rest of the page.

I am placing the setcookie function above everything in the code:

<?
setcookie("user", $_GET['user'], time()+3600);
?>
And the following calls the Cookie variable in the page:

<td><? echo $_COOKIE['user']; ?></td>

I've tried POST & GET, but it gives the same thing.

Does anyone know why the variable does not initially show, unless I refresh the page?

thanks!

NogDog

setcookie() sends the cookie to the client, it does not set anything in the current script. Therefore, $COOKIE is not populated until the next page request comes from the browser, at which time it sends the cookie along with that request. If you want the same value to be immediately available in your script, you'll have to manually set the relevant $COOKIE element in addition to doing the setcookie().

netfrugal

I thought that I am calling another page request (even though it is the same page).
I am using and LDAP function to authenticate from Active Directory. If the user is not authenticated , then the code shows the form on the bottom. Otherwise it shows $authenticated.

Here's the Code:

<?php
session_start();
header("Cache-control: private");

require('../includes/configure.php');

setcookie("user", $_GET['user'], time()+3600);
?>
<html>
<head>
<title>HR New Record Form</title>
</head>
<?php require_once("../includes/adLDAP.php");

// We've Authenticated and also entered our search information

if ($logintest || ($SESSION['user'] && $SESSION['pass'])) { // We've entered our AD Credentials, verify.

if (!$_SESSION['user']) {
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];
}

$adldap = new adLDAP();
if ($adldap -> authenticate($user,$pass)){
	if ($adldap -> user_ingroup($user,"Domain Users")){
		$authenticated = 1;
	} else {
		print "You are not authorized to complete this request.  If this is in error please contact IT.<br /><br /><a href='insert.php'>Retry.</a>\n";
		$_SESSION['user'] = FALSE;
		$_SESSION['pass'] = FALSE;
	}
} else {
	$_SESSION['user'] = FALSE;
	$_SESSION['pass'] = FALSE;
	print "Incorrect Username or Password, please try again.<br /><br /><a href='insert.php'>Retry.</a>\n";
}

if ($authenticated) { // We've completed AD Authentication ?>

<body>

<table width="393" border="0" align="center">
<tr>
<td width="206">Cookie info: </td>
<td width="197"><? echo $_COOKIE['user']; ?></td>
</tr>
</table>

<?php

} else { // We need to authenticate the user ?>

<span class='WarningText'>[ This Area is Restricted to Managers and Administrators. ]</span><p>Please Login to Continue.</p>
<form method='GET' action='<? echo $_SERVER['REQUEST_URI']; ?>'>
<table><tr>
<td>Username:</td><td><input type='text' name='user' value=''>&nbsp;(Same as your windows login)</td></tr>
<tr><td>Password:</td><td><input type='password' name='pass'></td></tr></table>
<input type='hidden' name='logintest' value='1'>
<br /><input type='submit' value='Submit'>

<? } ?>
</body>
</html>

NogDog

Currently, any time you access the page without a GET value for 'user', then you set the 'user' cookie with a blank value. So the sequence might go like this:

You call up the page in a non-logged-in status: there is no cookie received from the client so no $COOKIE['user'] value is set, setcookie sends the new cookie to the client with the value set to "" since there is no $GET['user'], and the login form is displayed.
You submit the form: now the cookie is received from the client but it has an empty value, so $COOKIE['user'] has a value of "", you send a new cooke value to the client with the value received from the form in $GET['user'], and if the validation is OK you then display the value of $_COOKIE['user'] (which is an empty string).

Of course, since you're using sessions to track login status and your $SESSION array includes the $SESSION['user'] element, I would ask whether there is any point to even bothering with a cookie also storing the user ID?