Cookie Trouble: getting the information back out...

Hi all,

I suspect I already know part of the answer to this, but I'm not sure
which way to go with it. I've got a project I'm working on and one of
the things it's got to do is set cookies and then read them later. When
the app was first written I was doing everything in PERL and cookies are
fairly straight-forward, however I'm finding cookies in PHP somewhat
problematic.

Setting the cookie is a snap, however getting the info back out is,
well... problematic.

this is basically what I'm doing, what I'm seeing in the cookie, and
what I'm getting back out.

Setting the cookie
==========================
$values = "blah|blah|blah";
setcookie("cookiename", $values, time()+$timevalue);


Inside the Cookie
==========================
Content: blah%7Cblah%7Cblah


Getting info Out Of Cookie
==========================
list($first,$second,$third) = explode("|", $values);


Cookie Test Page
==========================
if (isset($_COOKIE["cookiename"])){
list($first,$second,$third) = explode('|',$_COOKIE["cookiename"]);
echo "<p>I found your cookie</p>\n";
echo "<p>The following Values were Contained in the cookie:<BR>
Username: $first<BR>
Password: $second<BR>
Type : $third</p>\n";
}
else{
echo "<p>I wasn't able to find your cookie.</p>\n";
}

Now, I've constructed a cookie_test.php page to check things out and the
strange behavior I'm seeing is, upon first execution I get the "else"
block, but if I hit the browser's reload button I get the "if" block. At
first I thought the cookie wasn't being read at all because of weird
characters, but then upon reloading the page and seeing the "if" block
being displayed I'm thoroughly confused. It's gotta something simple I'm
missing.

and I swear if someone tells me to RTFM I'm gonna shit and go blind
cause I haven't got a clue as to "which" part of the FM to read
concerning this. :)

thanks,

--
Mark
-------------------------
the rule of law is good, however the rule of tyrants just plain sucks!
Real Tax Reform begins with getting rid of the IRS.
==============================================
Powered by CentOS5 (RHEL5)

On Tue, Mar 25, 2008 at 9:11 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:
> Hi all,
[snip!]
>
> Cookie Test Page
> ==========================
> if (isset($_COOKIE["cookiename"])){
> list($first,$second,$third) = explode('|',$_COOKIE["cookiename"]);
> echo "<p>I found your cookie</p>\n";
> echo "<p>The following Values were Contained in the cookie:<BR>
> Username: $first<BR>
> Password: $second<BR>
> Type : $third</p>\n";
> }
> else{
> echo "<p>I wasn't able to find your cookie.</p>\n";
> }
>
> Now, I've constructed a cookie_test.php page to check things out and the
> strange behavior I'm seeing is, upon first execution I get the "else"
> block, but if I hit the browser's reload button I get the "if" block. At
> first I thought the cookie wasn't being read at all because of weird
> characters, but then upon reloading the page and seeing the "if" block
> being displayed I'm thoroughly confused. It's gotta something simple I'm
> missing.

Is this block of code executed immediately after the cookie is
set? Sometimes PHP works too fast for its own good and the client
doesn't even realize it has a cookie yet. Try setting it with one
page and either sleep()'ing for a bit or forcing a link-click or page
refresh before checking for the cookie.

Conversely, $_SESSION data is much quicker, since the PHPSESSID
cookie is sent as soon as you initialize the session
(session_start()), and you can then immediately access the variables.

Proof-of-concept:
<?php
// session-test.php
session_start();
$_SESSION['test'] = "This is only a test.";
echo $_SESSION['test']."<br />\n";
?>

<?php
// cookie-test.php
setcookie("cookiename","This is a cookie test.",time()+86400);
echo $_COOKIE['cookiename']."<br />\n";
?>


--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283

On Mar 25, 2008, at 6:11 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:

> Hi all,
>
> I suspect I already know part of the answer to this, but I'm not
> sure which way to go with it. I've got a project I'm working on and
> one of the things it's got to do is set cookies and then read them
> later. When the app was first written I was doing everything in PERL
> and cookies are fairly straight-forward, however I'm finding cookies
> in PHP somewhat problematic.
>
> Setting the cookie is a snap, however getting the info back out is,
> well... problematic.
>
> this is basically what I'm doing, what I'm seeing in the cookie, and
> what I'm getting back out.
>
> Setting the cookie
> ==========================
> $values = "blah|blah|blah";
> setcookie("cookiename", $values, time()+$timevalue);
>
>
> Inside the Cookie
> ==========================
> Content: blah%7Cblah%7Cblah
>
>
> Getting info Out Of Cookie
> ==========================
> list($first,$second,$third) = explode("|", $values);
>
>
> Cookie Test Page
> ==========================
> if (isset($_COOKIE["cookiename"])){
> list($first,$second,$third) = explode('|',$_COOKIE["cookiename"]);
> echo "<p>I found your cookie</p>\n";
> echo "<p>The following Values were Contained in the cookie:<BR>
> Username: $first<BR>
> Password: $second<BR>
> Type : $third</p>\n";
> }
> else{
> echo "<p>I wasn't able to find your cookie.</p>\n";
> }
>
> Now, I've constructed a cookie_test.php page to check things out and
> the strange behavior I'm seeing is, upon first execution I get the
> "else" block, but if I hit the browser's reload button I get the
> "if" block. At first I thought the cookie wasn't being read at all
> because of weird characters, but then upon reloading the page and
> seeing the "if" block being displayed I'm thoroughly confused. It's
> gotta something simple I'm missing.
>
> and I swear if someone tells me to RTFM I'm gonna shit and go blind
> cause I haven't got a clue as to "which" part of the FM to read
> concerning this. :)
>
> thanks,
>
> --
> Mark
> -------------------------
> the rule of law is good, however the rule of tyrants just plain sucks!
> Real Tax Reform begins with getting rid of the IRS.
> ==============================================
> Powered by CentOS5 (RHEL5)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Did you forget the <?php ?> tags?

On Tue, Mar 25, 2008 at 9:31 PM, Daniel Brown <parasane@gmail.com> wrote:
> On Tue, Mar 25, 2008 at 9:11 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:
> > Hi all,
> [snip!]
>
> >
> > Cookie Test Page
> > ==========================
> > if (isset($_COOKIE["cookiename"])){
> > list($first,$second,$third) = explode('|',$_COOKIE["cookiename"]);
> > echo "<p>I found your cookie</p>\n";
> > echo "<p>The following Values were Contained in the cookie:<BR>
> > Username: $first<BR>
> > Password: $second<BR>
> > Type : $third</p>\n";
> > }
> > else{
> > echo "<p>I wasn't able to find your cookie.</p>\n";
> > }
> >
> > Now, I've constructed a cookie_test.php page to check things out and the
> > strange behavior I'm seeing is, upon first execution I get the "else"
> > block, but if I hit the browser's reload button I get the "if" block. At
> > first I thought the cookie wasn't being read at all because of weird
> > characters, but then upon reloading the page and seeing the "if" block
> > being displayed I'm thoroughly confused. It's gotta something simple I'm
> > missing.
>
> Is this block of code executed immediately after the cookie is
> set? Sometimes PHP works too fast for its own good and the client
> doesn't even realize it has a cookie yet. Try setting it with one
> page and either sleep()'ing for a bit or forcing a link-click or page
> refresh before checking for the cookie.
>

Um... Cookie data ISN'T available to the same script that sets it. If
you use setcookie(), all it does is send a header to the browser
immediately ahead of the output of your script telling the browser to
store those values in either memory or on disk. The value will not
appear in the $_COOKIE array until the browser requests the next page
and includes the Cookie: header as part of the request.

The part of the manual that applies is this line:

"Once the cookies have been set, they can be accessed on the next page
load with the $_COOKIE or $HTTP_COOKIE_VARS arrays."

$_SESSION variables are available immediately as soon as you set them.
The session cookie still isn't set on the client until the browser
processes the response headers at the end of the transaction, but the
values are already in the array and, if the session cookie works they
will be accessible on successive requests.

Andrew

Andrew Ballard wrote:
> On Tue, Mar 25, 2008 at 9:31 PM, Daniel Brown <parasane@gmail.com> wrote:
>> On Tue, Mar 25, 2008 at 9:11 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:
>> > Hi all,
>> [snip!]
>>
>> > Cookie Test Page
>> > ==========================
>> > if (isset($_COOKIE["cookiename"])){
>> > list($first,$second,$third) = explode('|',$_COOKIE["cookiename"]);
>> > echo "<p>I found your cookie</p>\n";
>> > echo "<p>The following Values were Contained in the cookie:<BR>
>> > Username: $first<BR>
>> > Password: $second<BR>
>> > Type : $third</p>\n";
>> > }
>> > else{
>> > echo "<p>I wasn't able to find your cookie.</p>\n";
>> > }
>> >
>> > Now, I've constructed a cookie_test.php page to check things out and the
>> > strange behavior I'm seeing is, upon first execution I get the "else"
>> > block, but if I hit the browser's reload button I get the "if" block. At
>> > first I thought the cookie wasn't being read at all because of weird
>> > characters, but then upon reloading the page and seeing the "if" block
>> > being displayed I'm thoroughly confused. It's gotta something simple I'm
>> > missing.
>>
>> Is this block of code executed immediately after the cookie is
>> set? Sometimes PHP works too fast for its own good and the client
>> doesn't even realize it has a cookie yet. Try setting it with one
>> page and either sleep()'ing for a bit or forcing a link-click or page
>> refresh before checking for the cookie.
>>
>
> Um... Cookie data ISN'T available to the same script that sets it. If
> you use setcookie(), all it does is send a header to the browser
> immediately ahead of the output of your script telling the browser to
> store those values in either memory or on disk. The value will not
> appear in the $_COOKIE array until the browser requests the next page
> and includes the Cookie: header as part of the request.
>
> The part of the manual that applies is this line:
>
> "Once the cookies have been set, they can be accessed on the next page
> load with the $_COOKIE or $HTTP_COOKIE_VARS arrays."
>
> $_SESSION variables are available immediately as soon as you set them.
> The session cookie still isn't set on the client until the browser
> processes the response headers at the end of the transaction, but the
> values are already in the array and, if the session cookie works they
> will be accessible on successive requests.
>
> Andrew
>

Thank you Andrew... Now it all makes perfect sense. Good grief! there's
so much to learn. It seems that Java was easier. ;)

--

Mark
-------------------------
the rule of law is good, however the rule of tyrants just plain sucks!
Real Tax Reform begins with getting rid of the IRS.
==============================================
Powered by CentOS5 (RHEL5)

On Tue, Mar 25, 2008 at 9:59 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:
> Thank you Andrew... Now it all makes perfect sense. Good grief! there's
> so much to learn. It seems that Java was easier. ;)

That's not specific to PHP. It's just how http works, so it's the same
for ASP, Perl, I suspect Java and most (if not all) other languages.
There might be a language that sets a cookie when you assign a value
to a special cookie variable, but I'm not familiar with any.

Andrew

On Mar 25, 2008, at 7:12 PM, "Andrew Ballard" <aballard@gmail.com>
wrote:

> On Tue, Mar 25, 2008 at 9:59 PM, Mark Weaver <mdw1982@mdw1982.com>
> wrote:
>> Thank you Andrew... Now it all makes perfect sense. Good grief!
>> there's
>> so much to learn. It seems that Java was easier. ;)
>
> That's not specific to PHP. It's just how http works, so it's the same
> for ASP, Perl, I suspect Java and most (if not all) other languages.
> There might be a language that sets a cookie when you assign a value
> to a special cookie variable, but I'm not familiar with any.
>
> Andrew
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

JavaScript, but that's already on the client.

Andrew Ballard wrote:
> On Tue, Mar 25, 2008 at 9:59 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:
>> Thank you Andrew... Now it all makes perfect sense. Good grief! there's
>> so much to learn. It seems that Java was easier. ;)
>
> That's not specific to PHP. It's just how http works, so it's the same
> for ASP, Perl, I suspect Java and most (if not all) other languages.
> There might be a language that sets a cookie when you assign a value
> to a special cookie variable, but I'm not familiar with any.
>
> Andrew
>

Unless I was doing something differently when I originally wrote this in
PERL I don't recall having this issue. At that time I would set the
cookie and then redirect (load the index with the full menu) if cookie
existed.

Geez! now my $_SESSION isn't persisting to the next page when the screen
refreshes. The only thing preventing me from gouging out my eyes right
now is that I know I'll get this stuff. It's just a matter of time...

--

Mark
-------------------------
the rule of law is good, however the rule of tyrants just plain sucks!
Real Tax Reform begins with getting rid of the IRS.
==============================================
Powered by CentOS5 (RHEL5)

On Tue, Mar 25, 2008 at 10:19 PM, Casey <heavyccasey@gmail.com> wrote:
> On Mar 25, 2008, at 7:12 PM, "Andrew Ballard" <aballard@gmail.com>
> wrote:
>
>
>
> > On Tue, Mar 25, 2008 at 9:59 PM, Mark Weaver <mdw1982@mdw1982.com>
> > wrote:
> >> Thank you Andrew... Now it all makes perfect sense. Good grief!
> >> there's
> >> so much to learn. It seems that Java was easier. ;)
> >
> > That's not specific to PHP. It's just how http works, so it's the same
> > for ASP, Perl, I suspect Java and most (if not all) other languages.
> > There might be a language that sets a cookie when you assign a value
> > to a special cookie variable, but I'm not familiar with any.
> >
> > Andrew
> >
>
> JavaScript, but that's already on the client.

True, client-side JavaScript would do it. I'm pretty sure that
server-side still would not though.

Andrew

Mark Weaver wrote:
> Andrew Ballard wrote:
>> On Tue, Mar 25, 2008 at 9:59 PM, Mark Weaver <mdw1982@mdw1982.com> wrote:
>>> Thank you Andrew... Now it all makes perfect sense. Good grief! there's
>>> so much to learn. It seems that Java was easier. ;)
>>
>> That's not specific to PHP. It's just how http works, so it's the same
>> for ASP, Perl, I suspect Java and most (if not all) other languages.
>> There might be a language that sets a cookie when you assign a value
>> to a special cookie variable, but I'm not familiar with any.
>>
>> Andrew
>>
>
> Unless I was doing something differently when I originally wrote this in
> PERL I don't recall having this issue. At that time I would set the
> cookie and then redirect (load the index with the full menu) if cookie
> existed.
>
> Geez! now my $_SESSION isn't persisting to the next page when the screen
> refreshes. The only thing preventing me from gouging out my eyes right
> now is that I know I'll get this stuff. It's just a matter of time...
>

The "problem" that you are encountering is because the $_COOKIE array is
"populated" when the script is executed. More then likely the other
languages that you used, would allow you to set a cookie and then they
would enter them into the "global" array for you, and not make you wait
until the next page load.

You could accomplish this yourself by making a wrapper function for the
setcookie() function and have your function set the data using
setcookie() and having it enter the data directly into the $_COOKIE array.

Something like this should do the trick

<?php
/*
bool setcookie ( string $name
[, string $value
[, int $expire
[, string $path
[, string $domain
[, bool $secure
[, bool $httponly ]]]]]] )
*/

function mySetCookie($name,
$value=null,
$expire=0,
$path='/',
$domain=null,
$secure=FALSE,
$httponly=FALSE) {

if ( is_null($domain) )
$domain = $_SERVER['SERVER_NAME'];

if ( setcookie( $name, $value, $expire,
$path, $domain, $secure, $httponly) ) {
$_COOKIE[$name] = $value;
return true;
}
return false;
}


?>