Handling Cookies in IE

[smnw10]

I am completely baffled here and can't find a solution on the web, in books, or even quickly in this forum. I just need a simple script to set the username and password as a cookie to keep the user logged in over a period of time.
The script work without any problems in firefox, but won't work at all in IE. Even the simplest code to set a cookie, then display it on the next page will not work in IE. It appears that the cookie doesn't get set in IE.

if I have:
[code]
<?PHP
setcookie("user", $username, time()+3600);
?>
[/code]

then on another page have:
[code]
<?PHP
echo "cookie is ".$_COOKIE['user'];
?>
[/code]
my output is only:
cookie is

and doesn't display the cookie content.

There was some code to display all cookies that are set, and the output in IE after I try to set the cookie and then display all cookies is just:
Array()

but in FireFox, using the exact same pages, it works without a problem and displays the cookies and their content for me.

what the heck am I doing wrong???

thanks
John

[wickning1]

You can turn off cookies in any browser. Perhaps your version of IE has the ability to receive cookies turned off. More browsers will accept a cookie if you DO NOT give it an expiration date. That type of cookie is deleted as soon as the browser window closes.

Two points:
1) Cookies are an unreliable solution for sessions in general. You need a backup plan, usually placing a session identifier in the URL for every link on your site.

2) Sending a username and a password in a cookie is not very secure. The preferred method is to send a random string of characters that can be matched up on your end with the correct username.

[smnw10]

thanks for the quick reply
I understand the security risk with using the username and pass in a cookie, for what this site entails there is no risk though.
the person I'm dealing with wants the user to be able to choose to stay logged in for 30 days if they want. So, I figured the best way is just use a cookie and set it to expire in 30 days when they choose that option. The site was running fine with sessions but they didn't like that when they tried to get back on the site the next day or a few hours later, they had to log back in.

I have my IE set to accept all cookies. And I tried viewing the site with anotehr computer and had the exact same results with IE.

I just tried setting the cookie without declaring an expiration time and it worked in IE.
What's the default time for a cookie to last when you don't declare an expiration time?

[wickning1]

When you don't set an expiration, it is a session cookie - the cookie is deleted as soon as the browser quits.

You can try adjusting your security level in IE to see if it starts accepting cookies with a longer expiration.