Jump to content

SESSION and COOKIE problem


Recommended Posts

hello all,


I have a client that wants to protect their web page with a password protected landing page. Once the password is entered the user is directed to a "disclaimer" page that they have to agree to first before going into the site. I have put both the landing page and the disclaimer page in my root directory and then the site I put in a sub directory /cms/


in the main site index.php I check for the post password and then set a $_COOKIE for the user that will expire in 1 month

// this goes on the very top of the index.php file in the template you are using
//check if user has entered password and needs cookie set
if(isset($_POST['fpass']) && !isset($_COOKIE['fpass'])) setcookielive('fpass', $_POST['fpass'], strtotime( '+1 month' ));

function setcookielive($name, $value='', $expire=0, $path='', $domain='', $secure=false, $httponly=false) {
    //set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access
    $_COOKIE[$name] = $value;
    return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);


The next thing I do is check if a user is trying to access the main site with having the COOKIE - if so I redirect the user to the landing page

//check if user has not entered password
if (!isset($_COOKIE['fpass']) || $_COOKIE['fpass'] == "") header('location: http://www.mypage.com');

This works fine up to this point.

Now my problem is that I also need to check if a user has the month long cookie set but is trying to access the main page without viewing the disclaimer page first.

I thought this would work:

//check if the user has a cookie set but is on a new session
if (isset($_COOKIE['fpass']) && !isset($_SESSION['fpass'])) header('location: http://www.mypage.com/disclaimer.php');

But this only throws the user into a loop of "disclaimer" -> "landing page" -> "disclaimer" etc. They can never get into the main site.


How do I check for the cookie and whether the user has visited the disclaimer page - but then allow the user to continue once they go to the disclaimer page?


NB: the $_SESSION is not set until the main site.

Link to comment
Share on other sites

$_SESSION['fpass'] needs to be set on the Disclaimer page. Or use a different session var - $_SESSION['viewed_disclaimer'];


Also, I would get people to register, and save their details on a database, then save the value in the database that they viewed the disclaimer (which would be required to register).


hope this helps

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.