Why is my cookie test not working?

bunner_bob

Recently I posted about using a bit of PHP to check whether a user has cookies enabled (post is here ). Now my client is telling me he's getting the "no cookies" page, though he's checked that Firefox (XP) has cookies enabled. My exact implementation looks like this:

if (!isset($_GET['testcookie']) and !isset($_COOKIE['test']))
{
  setcookie("test", time(), time()+3600);
  header('location: '.$_SERVER['PHP_SELF'].'?testcookie=1');
}

if (isset($_COOKIE['test']))
{
	$page->set('content', $content->fetch('login.tpl.php'));
}
else
{
	$page->set('content', $content->fetch('no_cookies.tpl.php'));
}

Ya know - I bet he's bookmarked the URL FOLLOWING the test - to wit:
https://www.site.com/admin/index.php?testcookie=1

If he hit that URL and the cookie was expired, he'd get the "no cookies" message.

So...hmmm...how do I account for those who bookmark the post-test URL? It's like I need another test - it needs to loop twice or something.

Any bright thoughts on a way to do this sanely?

cgraz

is the redirect necessary? I did the same thing a few month back, except without the redirect. As long as you attempt to set the cookie before you check to see if it's there, the redirect should not be necessary.

Something like this should work:

// If the cookie doesn't exist, attempt to set it first.
if( !isset( $_COOKIE['SessionCheck'] ) )
{
	@setcookie( "SessionCheck", "On", time( )+3600, '/' );
}

if( !isset($_COOKIE['SessionCheck']) )
{
	$this->error = 'You must have cookies enabled to login.';
	return false;
	exit;
}

When I was developing this, I used Firefox a lot to take a look at my cookies. If you have it, You can go to Tools > Options > Privacy > Cookies and view the cookies set under your domain. I found this helpful.

bunner_bob

According to what I have read (mostly on this site), in order to determine if cookies are actually being set/passed, you have to load a "second" page of some kind and retrieve the cookie - you can't just check within the same page.

bunner_bob

I created a sort of yucky workaround - if the test fails, it sets another cookie and provides a manual link to "try again". If the user has bookmarked the "post-test" URL, this will let them try again and confirm cookie acceptance.

Not how I'd like to do it, but I can't think of another way.