[SOLVED] Cookie data not returned when accessed from public IP

[stuartmarsh]

Hi All,

I am writing a page to use cookies but when I access the page through my public IP nothing is returned.

If I access the page through http://localhost/test.php, the data is returned.

This is the test code I am using:

<?php

$value = 'something from somewhere';

setcookie("TestCookie", $value);


// Print an individual cookie
echo $_COOKIE["TestCookie"] . "<br>";
echo $HTTP_COOKIE_VARS["TestCookie"] . "<br>";

// Another way to debug/test is to view all cookies
echo "<pre>"; print_r($_COOKIE); echo "</pre>";
?> 

Anybody got any idea why it doesn't work through the public IP?

 

[stuartmarsh]

Can anybody help me with this?

[BenInBlack]

without an expire time it is a session cookie only accessible from the current session and dies when session ends.

 

if you add expire like setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */

then it will be available for others to see

[BenInBlack]

without an expire time it is a session cookie only accessible from the current session and dies when session ends.

 

if you add expire like setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */

then it will be available for others to see

[BenInBlack]

that was weird, got an error posting the first time so i re-press post and it doubled up  ???

[thebadbad]

I'm not sure what you exactly mean, but remember that a cookie set in a script located on http://localhost/ can't be read from another domain, say http://127.0.0.1/.

[BenInBlack]

this is true,

I'm not sure what you exactly mean, but remember that a cookie set in a script located on http://localhost/ can't be read from another domain, say http://127.0.0.1/.

 

My point was this, If you don't set an expire value, the cookie is a session cookie, and it never creates the cookie file, it is an ether cookie that vaporizes as soon as this particular session is gone, and is only visible to the individual browsers session.

 

So once you put in the expiry then you get into the realm you pointed out

[stuartmarsh]

I have examined the http headers and the cookie created and IS being sent back to the server.

This is where it gets weird.  I did a var_dump of $_SERVER and normally there is an item called

 ["HTTP_COOKIE"]=>
  string(15) "test=test+value"

.

When I look at the data sent over the Internet it looks like this

 ["HTTP_XOOKIE"]=>
  string(15) "test=test+value"

.

 

What is HTTP_XOOKIE and why is the cookie data set there?

[thebadbad]

You must have made a typo somewhere (X and C is right next to each other on the keyboard).

[stuartmarsh]

thebadbad: This isn't a typo, this is actually what is displayed.

 

I have discovered that my problem was being caused by our firewall.

We are using a FortiGate and it uses something called Protection Profiles to scan inbound packets.

There is an option called Cookie Filter that was causing the Cookie to be passed back as Xookie.

It's a weird problem that I've never seen or heard of before.

 

!!Live and Learn!!

[thebadbad]

Ah, okay. Wicked that you actually found out why