Cookie puzzle

[Donjohnson24]

A few years ago I added an Extension to the WYSIWYG Web Browser program I use, in order to count the visitors to my website donjohnson24.co.uk, but cannot recall from where it came.  The extension uses cookies and is intended to check that the person connecting to the site is not ME, and that returns to the page with the counter do NOT add to the count.   I recently noticed an error message - produced by $user being undefined before use - and corrected that satisfactorily.   Having looked at the script, my query is that although the Extension appears to function OK - not counting MY visits and  returns to the counter-containing page - I can't see why?   The code involving DONCHECK doesn't seem to do what is intended, but somehow seems to work.   I must admit to very little experience with PHP, and though I have used many program languages in the past, I am now 84 years old, and my memory and programming skills have been stagnating for some years.

It may be that I just misunderstand how cookies work, but if anyone can explain, or point out where the script should be corrected, I would be most grateful.

The Extension stores itself  before the html tag, and is shown below.  The window for entering parameters for the Extension  is also attached.

<?php

$revisit = "No";

//check if first visit
if(isset($_COOKIE["first"])) 
{
       $revisit = "Yes" ;
    $play = "$secplay$"  ;
} 
else 
{  
    $cookie_name = "first";
    $cookie_value = "XX";
    setcookie($cookie_name, $cookie_value);
    $play =  "$firstplay$" ;
} 

//check if MY computer
$cookie_name = "$identcookie$";
$user = " ";
if(isset($_COOKIE[$cookie_name]))
{
       $user = $_COOKIE[$cookie_name];
}
else 
{  
    $cookie_name = "$identcookie$";    
    $cookie_value = "$identname$";
    setcookie($cookie_name, $cookie_value);
} 

// get the visit count, and update if first visit and NOT on my computer
$file = fopen("$file$", 'r');
$data = fread($file, filesize("$file$"));
fclose($file);
if ($data !== false)
{
    $hits = intval($data);
 
    if ($user != "$identname$" && $revisit != "Yes")
    { 
        $hits++;
        $file = fopen("$file$", 'w');
        flock($file, LOCK_EX);
        fwrite($file, $hits);
        flock($file, LOCK_UN);
        fclose($file);
    }

}
?>
 

[requinix]

It works, but it's weird and confusing in how it does.

There's two parts here: the Don3 value, and the "first" cookie. Everybody who visits the site is going to get a cookie (for their second and later visits) that says the user is Don3. And everybody who visits the site is going to get a cookie (ditto) for that "first" tracking.

If you have either/both of those cookies set up before visiting the site then it won't count you. Regular users won't so they will get counted. But after that, everybody will have the same two cookies and won't get counted again - until those cookies disappear, of course.

[Donjohnson24]

So I guess the cookies remain on each site, to be read by the script.   The only way I could see cookies was with Google Chrome/Inspect/Applications/Cookies, where they appear - if the counter is included - for the site donjohnson24.co.uk.   They do NOT appear under the website heading if the counter is omitted.   From your answer I now assume that even so, the cookies - previously created - lurk somewhere in Chrome, which does enable me to understand how it works.   If it were possible to see what cookies are hiding in Chrome, I would have got it sooner, but I could find no info' about their location.    Thanks for your help, requinix.

As a further explanation of my confusion, I previously used the user name Don on my old PC, but changed it to Don3 on my new Mini PC.   I assumed that a cookie was storing the user name somewhere, and could not understand how the counter kept working correctly despite the change in names.   I now see that I could use any name I liked.  

[requinix]

2 minutes ago, Donjohnson24 said:

From your answer I now assume that even so, the cookies - previously created - lurk somewhere in Chrome, which does enable me to understand how it works.   If it were possible to see what cookies are hiding in Chrome, I would have got it sooner, but I could find no info' about their location.

I don't think there's a simple way to see all the cookies Chrome has remembered across all sites. You can see what cookies are relevant to a particular site by pulling up the dev tools while on one of the site's pages. Related, you can see what cookies are being sent to the server by examining the request information of most anything in the network tab (at least, of the things going to your site) and also whether the server wanted to add or change a cookie in its response.

 

2 minutes ago, Donjohnson24 said:

As a further explanation of my confusion, I previously used the user name Don on my old PC, but changed it to Don3 on my new Mini PC.   I assumed that a cookie was storing the user name somewhere, and could not understand how the counter kept working correctly despite the change in names.   I now see that I could use any name I liked.  

Sites don't have any way of knowing your user account or the computer's name - unless the browser specifically sends that information, which requires some very specific and an unusual setup that only ever happens in intranet/company network environments, and certainly never with stuff on the general public internet.

So yes, the value could be anything you wanted. In fact, all of those cookie, name, firstplay, and secplay values from the prompt can be whatever you want at all, as they have no actual relation to you or your computer.

The truth is that the site sees you as any other visitor, and will or won't record you just like for them. However, you could make some minor changes from your browser to make your own cookie special - namely to make it last forever, rather than be temporary like everyone else's...