$_COOKIE NOT INITIALLY AVAILABLE

[milesk]

While I have developed for a number of years I am new to web applications and PHP. I am currently have an issue with cookies. The cookies appear to have been created and I checked for their presence in index.php. Initially they are not set but after a couple of iterations they become available. For example a remember me cookie is not available on the login screen on first entry but if I choose the login shortcut the cookie is now available with a value. While the docs say that they should be globally available I did try the make them global with no success. Something is making them available and I can track what it is.

[trq]

You need to redirect after setting a cookie in order for it to take effect.

[milesk]

As I said I'm new to this and maybe I'm not using or explaining well.  On a previous login where the user has asked to be remembered I have saved a cookie for their name and password.  They have logged out.  They receive an email with a link to a conversation but they need a login.  If they have asked to be remembered I check for the cookies and log them in.  However, I have found that the cookies are not available initially and even at the login screen where I default the remember flag to a cookie, it is not available.  If I do choose login from the page it would redirect to login and the cookie is now available.

 

Do you have to have at least 1 redirect for cookies to be available?

 

[trq]

Um not sure if this is your issue or not, but the problem with cookies is this:

 

If you call setcookie() and then (on the same page) try and look at that cookie using the $_COOKIES array it wont yet be set. The reason for this is that cookies aren't actually set when setcookie() is called, but when the script has finished execution and all the headers are sent (setting a cookie just sends a specific header).

 

It's pretty hard to tell from your description if this issue describes your problem or not. You might need to post some relevant code.

[milesk]

As I mentioned in my last reply the cookie were set in a previous session.  The user has logged out but they have received a link in an email but to get to that link they need a login.  If they have not chosen to be remembered, I take them to login and then redirect them to the page of their link.  If they had chosen to be remembered then I login with the cookies.

 

How I got around the login was to let the code fall through to the redirected error message but at the top of that page before it is actually displayed the cookies are available and then I redirect then to the link page.

 

In the other example they where the user is just logging in the login uses a remember cookie and again that is not available.  However, if I redirect to that login page i.e. the the top of the page I recall it again the cookies are available.

 

There seems to be a pattern here i.e. until a page is redirected the cookies are not available (even though the cookies were from the last session).  The call from the PHP server to the browser seems to be doing it.

 

Is there a technique that others user to throw up a "blank" page and immediately redirect to the real page to retrieve the cookies?

[smoseley]

On a sidenote: NEVER save a password in a cookie!!!!!  That's a terrible security hole!

 

You should instead create a unique ID (e.g. md5(uniqid()), store that in a column in the user table (or better, in a separate table with ancillary information, like when the user persisted their login, etc.), and store that in a cookie for reference of the user logged in.

[milesk]

Thorpe was correct as a redirect has to occur even to retrieve cookies saved in previous sessions.  The login page was rendered and after I changed it to a redirect the cookies were available.  Somseley the password was hashed but I take you point and will take up your suggestion where I get it all working.  Thanks for your assistance.