Only Firefox likes my cookies

[Infinitive]

I'm trying to gain some understanding about how cookies are passed.  I have a production environment where something like 1 in 1000 users will tell me they have issues with session cookies, yet their browser is set up to accept them.  Sometimes as perplexing as it working on Tuesday, broken on Wednesday, working on Thursday.  I've no idea how to solve that because it's not reproducible to me.

 

But!  I've found a reproducible problem!  So I'll put that other issue to stage 2 and figure this out first:

 

I have a test box on my local network, accessible by the computer name or the 192.168.1.xxx link.  LAMP setup, works fine.  I wrote the following very simple pages to test cookies:

 

CookieTest1.php

<?php
setcookie("TestCookie", 12345, time()+3600);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Testing Cookies</title>
</head>

<body bgcolor="#000000">
<table width="80%" border="3" cellspacing="2" cellpadding="2" style="background-color:#FFFFFF" align="center">
  <tr>
    <td><p>We just sent a cookie to your browser, which it should have saved.</p>
    <p><a href="CookieTest2.php">Click here</a> to go to another page that will check for that cookie.</p></td>
  </tr>
</table>

</body>
</html>

linking to:

CookieTest2.php

<?php 
$TestCookie = "Not Found";
if (isset($_COOKIE['TestCookie'])) {
$TestCookie = $_COOKIE['TestCookie'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Testing Cookies</title>
</head>

<body bgcolor="#000000">
<table width="80%" border="3" cellspacing="2" cellpadding="2" style="background-color:#FFFFFF" align="center">
  <tr>
    <td><p>Back from the test. The cookie was: <?php echo $TestCookie ?></p>
  </tr>
</table>
  
</body>
</html>

 

(Yeah I don't know why I used a table there either.  Nevermind that.)

 

So I go 192.168.1.xxx/CookieTest1.php, which writes.  Then links to CookieTest2.php, which reads. 

 

Here's the thing:  I run this test on Opera.  Cookie not found.

IE8:  Cookie not found

Firefox: Cookie == 12345

Chrome: Cookie not found

(Of course I verify cookie existence myself, so the problem is in writing, not reading.)

 

OK so obviously I must have lower privacy settings on Firefox, right?  Nope.  All browsers are on "accept all".  Furthermore, I turn on "ask me" for Opera and for Chrome.  Opera doesn't ask.  Chrome asks, but doesn't set the cookie after I say yes.

 

All 4 browsers will happily comply with a session cookie.

 

What am I not getting here?

[Pikachu2000]

It wouldn't hurt to try specifying all the cookie parameters, even if they only contain an empty string/NULL value. See if this helps

 

setcookie("TestCookie", 12345, time()+3600, '/', '', 0, 0);

[Infinitive]

I'm assuming the second 0 is a typo, since setcookie only wants 6 parameters?

[Infinitive]

Tried

setcookie("TestCookie", 12345, time()+3600, '/', '', 0);

 

Didn't hurt, but didn't help either.  :/

[Pikachu2000]

setcookie() takes 7 parameters, actually. setcookie( name, value, expiration, path, host, secure, httponly);

 

But now that I've read more of the code, I see why that doesn't work. You can't access the cookie data until the next page load. If you set the cookie in a conditional, then reload the page, it should be accessible.

 

 

if( !isset($_COOKIE['TestCookie']) ) {
     setcookie("TestCookie", 12345, time()+3600, '/', '', 0, 0);
} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
<html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Testing Cookies</title>
</head>

<body bgcolor="#000000">
<table width="80%" border="3" cellspacing="2" cellpadding="2" style="background-color:#FFFFFF" align="center">
  <tr>
    <td><p>Back from the test. The cookie was: <?php echo $TestCookie ?></p>
  </tr>
</table>
  
</body>
</html>
<?php
}
?>

[Infinitive]

But I have 2 separate pages.  Doesn't that qualify as the next page load?  Also I can see that the cookie wasn't written, so it's not an access issue.

 

(Also I've refreshed that first page about a billion times anyway, so at some point it should have set.)

 

Unless I'm misunderstanding you?

 

(btw The manual says you're right about 7 parameters.  So why did Dreamweaver yell at me and the execution throw "Warning: setcookie() expects at most 6 parameters, 7 given in /var/www/html/CookieTest1.php on line 2"?)

[Pikachu2000]

I don't know what's wrong with my eyes today. Yes, it does. I somehow conflated the 2 sections of code in your OP, thinking the cookie was being set and tested for in the same script. Sorry about the confusion.

[Pikachu2000]

FYI, I just tried it locally in FF, Safari, and Opera, and all three of them functioned fine.

[Infinitive]

Yeah, and I can make it work on my production server.  That's why this reproducible error is so intriguing.  Cookie rules are pretty straightforward (don't write and read on the same page, don't send html first) so I can't figure what the issue is.

 

Most curious is Chrome, which will ask me for permission to write the cookie, but then not do so.  There must be a fine print catch somewhere...

 

I do appreciate the effort.  Naturally if it wasn't a strange behavior I wouldn't have asked in the first place.