Page 1 of 1

Requesting help with cookie code

Posted: Fri Sep 19, 2014 11:43 am
by yayness
Hello,

I would appreciate some advice on a PHP coding issue I have on a website (proprietary CMS). The issue began after the site was migrated to a new server, and the original devs are not being helpful to this end. The current host already tried doing a number of things to fix this issue, like adjusting the server settings to match the previous one, which resolved many issues but left some bugs.

There is an issue with session cookies not being accepted, which results in the user not being able to change the region/languages manually on the site. We modified the code to try and fix them (they were expired years ago, but the expired cookies did function on the old server), but even then it's not working. This is the code snippet below:

Code: Select all

 

public function setLanguage($lang) {
        if(in_array($lang, array_keys($this->_avalLangs))) {
            $this->_language = $lang;
            $langCookie = new CHttpCookie('language', $this->_language);
            $langCookie->domain = $_SERVER['SERVER_NAME'];
            $langCookie->expire = time()+64000000000;
            $c = new CCookieCollection($this->_request);
            $c->add('language', $langCookie);
        } else {
            $this->_language = $this->_getDefaultLanguage();
        }
    } 

I'm really stuck at this right now and would greatly appreciate any pointers on debugging. There are a couple of other issues, but this is the most pressing one at the moment. Thanks in advance.

Re: Requesting help with cookie code

Posted: Fri Sep 19, 2014 12:31 pm
by requinix

Code: Select all

$langCookie->domain = $_SERVER['SERVER_NAME'];
That could be a problem if the SERVER_NAME does not match with the domain name. Try

Code: Select all

$langCookie->domain = $_SERVER['HTTP_HOST'];
Even better would be to fix it to use the same configuration as the session cookies, mostly because the session cookie is something that will definitely be configured correctly:

Code: Select all

public function setLanguage($lang) {
    if(in_array($lang, array_keys($this->_avalLangs))) {
        $this->_language = $lang;
        $sessionParams = session_get_cookie_params();
        $langCookie = new CHttpCookie('language', $this->_language);
        $langCookie->domain = $sessionParams['domain'];
        $langCookie->expire = time()+64000000000;
        $langCookie->path = $sessionParams['path'];
        $c = new CCookieCollection($this->_request);
        $c->add('language', $langCookie);
    } else {
        $this->_language = $this->_getDefaultLanguage();
    }
}

Re: Requesting help with cookie code

Posted: Fri Sep 19, 2014 12:57 pm
by yayness
Thanks requinix. I will try the solution you suggested.

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 9:31 am
by yayness
Okay, I have tried applying those changes and did not notice any differences. There is still a session issue. Would anyone have any other suggestions or pointers?

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 12:24 pm
by requinix
In your browser, what are the details (path, domain, expiry, etc.) for the language cookie and for the session cookie? Additionally, can you check the HTTP response for whatever page sets the cookie to see what it has in the Set-Cookie header?

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 1:52 pm
by yayness
Not sure how to copy and paste the whole thing...

HTTP/1.1 200 OK
Date: Mon, 22 Sep 2014 18:49:02 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: region=NA; expires=Tue, 10-Apr-2001 11:31:42 GMT; path=/; domain=www.gfssoftware.com
Set-Cookie: language=en_us; expires=Tue, 10-Apr-2001 11:31:42 GMT; path=/; domain=www.gfssoftware.com
Set-Cookie: PHPSESSID=722d7a675cab48db651552cb855b6b15; path=/
Transfer-Encoding: chunked
Content-Type: text/html

The new webhost already checked over it, they can't see why it's not working (and it is a reputable company). All I get is that there's a coding issue.

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 2:05 pm
by requinix
Looks like you moved from a 64-bit system to a 32-bit system.

Code: Select all

Set-Cookie: region=NA; expires=Tue, 10-Apr-2001 11:31:42 GMT; path=/; domain=www.gfssoftware.com

Code: Select all

$langCookie->expire = time()+64000000000;
That 64,000,000,000 adds more than 2000 years to the expiration and a 32-bit system cannot handle that. The value "wraps around", then again, then again another 13 more times, and ends up in April 2001.

2000 years is ridiculous. Whoever wrote that code was stupid.

Change it to a much lower number. Say, 300,000,000. That translates to 10 years, after which time I think it's okay if people got logged out.

Code: Select all

$langCookie->expire = time()+300000000;
Remember to edit your session cookie settings. In fact, you should edit those settings and then do the session_get_cookie_params() thing I mentioned with another change for the expiration:

Code: Select all

$langCookie->expire = ($sessionParams['lifetime'] ? time()+$sessionParams['lifetime'] : 0);
By the way, you'll need to move back to a 64-bit system within the next 14 years or else this problem will come up again and you'll have to lower the 300M amount.

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 2:56 pm
by yayness
I freaking lol'ed. You were right, and were able to diagnose 1/2 of this persistent issue where hours of outside "experts" could not. Seriously, I don't know how many devs looked at this already.


Fixing the code to what you did resolved the language issue, although region still not changing. Interestingly, the Apr 2001 expiration date remains on the HTTP header check. Now I just need to figure out how to do the other stuff you said. But thanks very much, greatly appreciated.

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 3:16 pm
by yayness
And the language cookie, which is:
pt_br
.www.gfssoftware.com
13 B
/
Mon Mar 25 2024 21:27:15 GMT-0400 (Eastern Daylight Time)

is now visible in the list of cookies on the page. I'm guessing it's not necessary to make any further changes to it.

Re: Requesting help with cookie code

Posted: Mon Sep 22, 2014 3:47 pm
by yayness
Sorry to keep triple posting. I applied your fix to the other file that controlled regions and it worked to resolve this issue.