If cookies enabled then create or reuse id

[Zhris]

Hello,

I am trying to create a script which first checks if the user has cookies enabled or not. If they are then give the cookie a unique random value. If the page is reloaded then I don't want to give the cookie a new value, but give it back its current value and re-extend its expiry time. During testing, the cookie expires after only 60 seconds.

However, even though I have cookies enabled, sometimes I recieve the message "Cookies disabled", or when I disable cookies sometimes a cookie is created. I am also having problems where sometimes the cookie keeps its current value whilst most of the time on refresh (within say 2 seconds) the cookie is given a new value, when it should retain its previous value.

Firstly am I doing this in the correct way and secondly what am I doing wrong for these strangely varying issues to occur? I am testing in IE 8 and Firefox 3.5.7.

<?php
if (!isset($_GET['c'])) {
	set_cookie (uniqid(time(),true));
	header ('Location:' . $_SERVER['PHP_SELF'] . '?c=1');
}
if ((isset($_GET['c'])) and ($_GET['c'] == 1)) {
	if (!isset($_COOKIE['b-id'])) {
		echo "<p>Cookies disabled.</p>";
	}
	else {
		$cookie_val = $_COOKIE['b-id'];
		set_cookie ($cookie_val);
		echo "<p>b-id = $cookie_val</p>";
	}
}

function set_cookie ($cookie_val) {
	setcookie ('b-id', $cookie_val, time() + 60);
}
?>

Thank you,

Chris

 

[jpadie]

the php manual reports bugs with IE implementation of setcookie and time based expiration values.

LexyFivethousandTwothousandTwo at yahoo dot com
24-Sep-2009 12:42
If your isset($_COOKIE['cookieName']) call fails even though
the setcookie("cookieName", $cookieValue, time(),..) returned
success, try replacing the timeout value with "0". I just spent
an entire day on this strange problem. I am using IE8. This
same call worked OK in the past with a timeout value of
time() + 360. Anyway, changing it to "0" fixed the problem.

--Alex.

 

[Zhris]

Thank you for your response.

I've just realised that I don't actually need to specify an expiration time because it would be better if they automatically expire when the browser closes.

I am basically creating a shopping basket script, and I am giving the user a unique id when they first open the website so that a record of their "add to basket" clicks can be kept no matter where they go on the website, until they have made payment.

I have changed my script as follows:

<?php
#Check if cookies are enabled
if (!isset($_COOKIE['c'])) {
	if (!isset($_GET['c'])) {
		setcookie ('c', 'set');
		header ('Location:' . $_SERVER['PHP_SELF'] . '?c=1');
	}
	if ((isset($_GET['c'])) and ($_GET['c'] == 1)) {
		if (!isset($_COOKIE['c'])) {
			echo "<p>Cookies disabled.</p>";
		}
	}
}
#Create or extend basket id
if (!isset($_COOKIE['b-id'])) {
	setcookie ('b-id', uniqid(time(),true));
	echo '<p>Cookie set = b-id =' . $_COOKIE['b-id'] . '</p>';
}
else {
	setcookie ('b-id', $_COOKIE['b-id']);
	echo '<p>Cookie set with previous value = b-id =' . $_COOKIE['b-id'] . '</p>';
}
?>

Q1) If I wanted to limit the cookie to a domain, would I skip the time expiration part by leaving a blank space between the commars e.g. setcookie ('b-id', uniqid(time(),true),,'/','.domain.com');? Or should i write something like ,null,?

Q2) The if (!isset($_COOKIE['b-id'])) { loop seems to never be entered. I notice this because the echo statement is never printed. However it must have entered this loop at some point in order to have created the b-id cookie and given it a unique id (as the else statement is entered every time)?

 

[jpadie]

use sessions instead. that is what they are designed for.

q1, send a 0 or null value

q2. nope it will never be called as the cookie is set in the first conditional. unless the user interacts to cancel the cookie manually or randomly adds the query string to the url.

but manual cookies are not the way to go here. use sessions.

 

[Zhris]

Thank you very much,

I have had a look at sessions and seems to be just what I need.

Would I still need to check if users have cookies enabled or not. I assume I would?

Also, when I call session_id() would this value be guranteed to be unique to every user or should I create my own unique value?

Chris

 

[jpadie]

Sessio ld is unique for the universe of sessions used by your server at any moment. They are not globally unique but do not need to be.
Session Ids are generated for each new session rather than each new user.
If you have transid enabled in php.ini you do not need to worry about whether cookies are enabled. If they are not then php will rewrite your links on the fly to include the session identifiers. Further the vast majority of people allow session cookies even if they disallow other cookies. Most browsers are able to make the distinction.

Good luck!

 

[Zhris]

Thats cleared up a great deal of what I was unsure about. Thank you very much.