PHP cookie set time

[xcandiottix]

I am working on a page that works like so:

 

page 1 - user inputs data into a form and hits submit

page 2 - the submit page sets a cookie and forwards user to next page

page 3 - evaluates the cookie and displays accordingly

 

My problem is that sometimes the cookie is not set it step 2 fast enough before the page is refreshed. I tried to set the refresh time to 2 seconds and sometimes it works and sometimes it doesnt.. plus I hate to force a user to wait 2 seconds each time they encounter this page. Any suggestions as to how I can set a cookie and then wait for verification before continuing on to the next page? I have read it is bad practice to check a cookie in the same function that it is set... would I need to add a fourth page that checks to see if the cookie exists and if not it bounces it back to the page that sets the cookie?

 

Thanks

[thewooleymammoth]

I think we'd need to see your code

[xcandiottix]

Page 1:

 

<form method="post">
  <br>
  <input name="username" type="text" class="generalfont" size="30" maxlength="30"><span class="generalfont">Username</span><br>
  <input name="password" type="password" class="generalfont" size="30" maxlength="30"><span class="generalfont">Password</span>
  <br>
  <input name="Submit" type="submit" class="button" value="Submit" />
</form>

 

Page 2 (actually page 1 refers back to itself):

	if($row['db_Password'] === $passwordOK){
		$status = 'Your Login information is correct!';
		//set cookie
		$uncookie = $row['db_Username'];
		$pwcookie = $row['db_Password'];
		$idcookie = $row['db_Id'];
		$ipcookie = $_SERVER['REMOTE_ADDR'];
		$value = md5($idcookie.$ipcookie);
		setcookie("active", $value, $timeout, '/', "www.site.com");
		setcookie("user", $uncookie, $timeout, '/', "www.site.com");
		echo '<html>
		<head>
		<meta http-equiv="refresh" content="2;url=http://www.site.com/users/'.$uncookie.'.html">
		</head>
		</html>';}

 

Page 3:

<html>
<!--#set var="Current" value="$SCRIPT_NAME"-->
<head>
<meta http-equiv="refresh" content="2;url=http://www.site.com/member/user_page.php?u=username">
</head>
<body>
<center>
Loading Data ... Please Wait ...
</center>
</body>
</html>

Page 4:

if (isset($_COOKIE['active'])){
$con = mysql_connect("A","B","C");
mysql_select_db("A", $con);
$data = mysql_query("SELECT * FROM user_table") or die(mysql_error());
while($info = mysql_fetch_array($data)){
	$ids = $info['db_Id'];
	$uns = $info['db_Username'];
	$ips = $_SERVER['REMOTE_ADDR'];
	if(md5($ids.$ips) == $_COOKIE['active']){
		$timeout = time()+60*10;	
		$value = md5($ids.$ips);
		setcookie("active", $value, $timeout, '/',"www.site.com");
		setcookie("user", $uns, $timeout, '/',"www.site.com");
		$restricted = 0;
	}
}
}
else{
$restricted = 1;
echo "restricted access";
}

 

Sometimes $restricted = 1 because the cookie was never set. Usually $restricted will = 0 though. I don't know if it's a connection speed issue or not. I would like to not allow the user to be forwarded onto the next page (from page 2 to page 3) until the cookie is definitely set.

[thewooleymammoth]

you should use header() function instead of doing it via html

[xcandiottix]

If I did that, would the header() tag not be evaluated until the cookie was set? I'm thinking that I would still have the same problem as the script would begin setting the cookie and then going on to the next line of code regardless if the cookie was set or not.

 

I'll try to change it though and see what happens.

[thewooleymammoth]

It should be fine, But for user login information i would use $_SESSION not cookies. cookies are stored as a file on the client computer. So they can change what the file says, unless your encrypting it.

 

Basically i could login as tinyjoetheragman and change my username to ADMIN, just by editing a file on my computer. $_SESSION stores all the information on the server.

[xcandiottix]

You're right ..  a session would also provide me an almost immediate write time to store the information, that way the user's connection speed wouldn't really matter and I would not have to institute an automatic 'wait time' for everyone. Good idea.

[xcandiottix]

Alright, so I guess I'm missing something:

 

signin.php

session_save_path("/tmp/");
session_start();

	if($row['db_Password'] === $passwordOK){
		$status = 'Your Login information is correct!';
		//set cookie, now session
		$uncookie = $row['db_Username'];
		$idcookie = $row['db_Id'];
		$_SESSION['active'] = $idcookie;
		$_SESSION['user'] = $uncookie;
		header("Location: http://www.appdilly.com/member/user_page.php?u=".$uncookie."");
		exit;
		//end
	}

 

user_page.php

session_save_path("/tmp/");
echo session_save_path();
echo $_SESSION['active'];

 

Results in user_page.php displaying the save path but not the result of echo $_SESSION['active'].

 

Any ideas?

 

[xcandiottix]

Ah..... makes sense.

 

The reason it won't work is because:

 

$_SESSION['active'] = $idcookie;

$_SESSION['user'] = $uncookie;

 

Are both writing to the same cookie being saved on the server. The appended value of the cookie becomes Active$idcookieUser$uncookie and therefore renders the cookie data unusable.

 

$_SESSION creates one cookie name and stores whatever value as such so to store 2 variables you would need to:

 

$_SESSION['active'] = $idcookie.$uncookie;

[xcandiottix]

Haha. OKAY .. what I said above isn't true either as by mistake my code found 2 variables located inside one session cookie. So i guess this is how it works:

Line 2:

session_save_path("/tmp/");
session_start();
session_register('active');
session_register('user');

at the very beginning of my php code will allow me to

set active and user later:

Line 45:

$_SESSION['active'] = $idcookie;
$_SESSION['user'] = $uncookie;

 

and it works fine... what an adventure.