Do I have the right idea here?

[Karaethon]

So if I wanted to make sure my users were logged in, and had cookies & JavaScript enabled would this work...?

Users enter site at index.php which sets a test cookie and calls itself (header location self in other words) if the test passed the user is redirected to the main page, if not then redirected to a page that has a we need cookies enabled page. Once in the main pages the cookie is checked and if present all good if not send back to index. Then I use session variables to track user data.

I see this in my head but I'm not sure it works like I think and I am not sure how to code it. Your feedback would be greatly appreciated, and any pointers in how to code it would be prized as it would help me learn more so I don't have to ask next time.

[gw1500se]

Don't try to reinvent the wheel. Managing PHP logins is routine. Take a look at this.

[requinix]

Too many redirects for this day and age.

Modernizr uses a small bit of Javascript to detect cookie support so I expect it works fine even without a round-trip to the server.

[Karaethon]

1 hour ago, gw1500se said:

Don't try to reinvent the wheel. Managing PHP logins is routine. Take a look at this.

Ahh... So I don't need cookies?

[Karaethon]

5 minutes ago, requinix said:

Too many redirects for this day and age.

Modernizr uses a small bit of Javascript to detect cookie support so I expect it works fine even without a round-trip to the server.

Ohhh, ok I like small script... How do I use it, is this client or server side?

Nevermind, I can see it's client side....

[Karaethon]

Ok, so I see the JS tries to write a cookie then kills it, if it fails for some reason then it returns false.  If I understand it right I could substitute window.location.assign("entrance.php") and window.location.assign("need cookies.php") for the return parts right?

[requinix]

Don't redirect at all. Send the user to the page you want them to be on, and in the off chance they don't have cookies then you can present a popover/banner warning them your site won't work without them. People who disable cookies are used to that.

[Karaethon]

Ahhh. Ok. I like that better, less coding for me, less pages to maintain.

[Karaethon]

Umm. I can't figure out how to use it... Is there a function name I'm missing? Do I run it some other way?

[Karaethon]

Ok, after studying that code here's what I built... Call to CookiesEnabled returns true or false

 

function CookiesEnabled(){
  try {
      document.cookie = 'cookiecheck=1';
      var cookies = document.cookie.indexOf('cookiecheck=') !== -1;
      document.cookie = 'cookiecheck=1; expires=Thu, 01-Jan-1970 00:00:01 GMT';
  }catch (err) {
       var cookies =false;
  };
};

 

Do I have this right?

(Note to mods, this started as a PHP discussion but evolved into JS, should it be moved?)

[Karaethon]

12 hours ago, Karaethon said:

Do I have this right?

Apparently not quite. After some testing and tweaking I ended up with this, which works really well.

 

function CookiesEnabled(){
  var cookies =false;
  try {
      document.cookie = 'cookietest=1';
      cookies = document.cookie.indexOf('cookietest=') !== -1;
      document.cookie = 'cookietest=1; expires=Thu, 01-Jan-1970 00:00:01 GMT';
  }catch (e) {
    //do nothing..
  };
  return cookies;
};

[maxxd]

Instead of reinventing the wheel, use navigator.cookieEnabled. It looks like it's available across all browsers, and it's a lot less typing. If it returns false, pop up a modal telling the user they need to enable cookies. If it returns true, do whatever you need with cookies.

[Karaethon]

42 minutes ago, maxxd said:

Instead of reinventing the wheel, use navigator.cookieEnabled. It looks like it's available across all browsers, and it's a lot less typing...

Modernizr.addTest('cookies', function() {
    // navigator.cookieEnabled cannot detect custom or nuanced cookie blocking
    // configurations. For example, when blocking cookies via the Advanced
    // Privacy Settings in IE9, it always returns true. And there have been
    // issues in the past with site-specific exceptions.
    // Don't rely on it.

[maxxd]

Ooof. You're still supporting IE9? Government contract or sadistic manager? All kidding aside... ooof. We just recently dropped support for 10, but even that's a massive step up from 9.

[Karaethon]

supporting or not supporting a given browser wasn't my intention, I just want to code in the manner that has the least chance of failure at clientside and that line makes me leery of navigator.cookiesEnabled

[maxxd]

Nothing at all wrong with using Modernizr. However, IE9 has (according to the Can I Use browser report) a 0.17% usage through 2018. navigator.cookieEnabled (please note it's cookieEnabled, not cookiesEnabled()) has full browser support according to MDN, even in IE - admittedly, no browser version is noted - and doesn't require an additional header call and/or download. Now, Modernizr's download footprint is small and well done, so it probably not that big a consideration in the long run. Either way, it's up to you and you gotta go with what you're comfortable with.

[Karaethon]

Thanks for the input. Maybe I will use it then. you know it's kind of off topic here but I just don't get why the hell has IE always been behind the times or out of the loop all together I'm a bit of a Microsoft Fanboy and I'm kind of disappointed by that get with the program people.

[maxxd]

Yeah, I also love me some Microsoft for most things. IE, however, still sucks in a major way. Edge is slightly better in my experience, but I'm still about Firefox and Chrome on Windows 10.

[Barand]

7 hours ago, Karaethon said:

but I just don't get why the hell has IE always been behind the times or out of the loop all together

That's because there are WWW standards and other companies adhere to most of them. Microsoft thought it was too big for this and tried to introduce its own standards, expecting the rest of the world to follow. They didn't.

[requinix]

16 hours ago, Barand said:

That's because there are WWW standards and other companies adhere to most of them. Microsoft thought it was too big for this and tried to introduce its own standards, expecting the rest of the world to follow. They didn't.

And now the situation is reversed: Google and Mozilla have people in the W3 proposing standards, Chrome and Firefox just go ahead and add features they like thanks to vendor prefixes, and MS is the one left having to catch up.

[Karaethon]

Ok, so after all the discussion, after all the time I spent writing, I turn off cookies and.... Drumroll please.... It loads. Without popping up a need cookies warning... I tested and it is firing, but even though opera has disabled cookies it still passes the test....

Is there an error I don't see in my code that makes it return true?

function CookiesEnabled() {
  alert("Cookie Check!");
  var result = false;
  try {
    document.cookie = 'cookietest=1';
    result = document.cookie.indexOf('cookietest=') !== -1;
    document.cookie = 'cookietest=1; expires=Thu, 01-Jan-1970 00:00:01 GMT';
  } catch (e) {
    //do nothing..
  }
  return result;
}

 

Testing with other browsers after this post....

Firefox: check

Chrime: check

Samsung Internet: fail

Duck duck go: fail

So I guess my code is ok, the browsers are f'd up...

[Karaethon]

Fixed, I just added && navigator.cookieEnabled()

function CookiesEnabled() {
  alert("Cookie Check!");
  var result = false;
  try {
    document.cookie = 'cookietest=1';
    result = document.cookie.indexOf('cookietest=') !== -1 && navigator.cookieEnabled();
    document.cookie = 'cookietest=1; expires=Thu, 01-Jan-1970 00:00:01 GMT';
  } catch (e) {
    //do nothing..
  }
Or maybe not... Now opera and every other browser except firefox always fail even with cookies on....