[solved] Cookies & mod_rewrite are not playing nice toge

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

[solved] Cookies & mod_rewrite are not playing nice toge

Post by RobertGonzalez »

Ok, I am almost certain I am doing something wrong in my code, but for the life of me I cannot figure out what the heck is wrong. I am trying to set a cookie on my local development machine, which also happens to be utilizing mod_rewrite. I think I may be screwing the cookie path up somehow. This is how I am trying to set the cookie...

Code: Select all

<?php
setcookie('appname_data', serialize($session_data), time() + 31536000, '/', 'localhost', '');
?>
With mod_rewrite enabled, I have links like:

Code: Select all

http://localhost/AppName/
http://localhost/AppName/login/
http://localhost/AppName/logout/
http://localhost/AppName/landing/
I cannot get the cookie to set. I am not getting errors from the code. I did a boolean check on the return of setcookie and it shows that setcookie is returning boolean true, but they are not setting in browser. The browser is set to accept all cookies.

I really think this is a path issue, but I can't be certain. I have tried setting the cookie path to './', '/', '/AppName/', etc, but I cannot see my problem. Can someone throw down a fresh view on my stupidity do I can move on from here?
Last edited by RobertGonzalez on Wed Nov 22, 2006 2:04 pm, edited 1 time in total.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Have you checked wether your browser gets a cookie header? (e.g. FF->Live HTTP Headers)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Ok, there are a couple of things going on here...

1) It appears that my config settings (which come from a stored procedure in MySQL) are actually being split into two result sets. The weird thing is, the first, third, fourth and fifth rows are in the first result set, and the second row (the one that houses the cookie path) is in the second result set. I have that nailed now, so I am getting a full result set.

2) I am seeing a Set-Cookie response header in the Headers. Not a Cookie header.

3) The cookie is being set, but it is missing a part of the name generator, which I think is caused by the config issue mentioned in #1.

I will be messing more with this this morning. I had to leave yesterday so I haven't messed with it since a few minutes after I posted the request.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Something I just found (and that has a profound impact on what I am doing). According to the Client Side State - HTTP Cookies spec by Netscape, a cookie domain must have two (2) or three (3) dots in the domain name. That means that setting the domain to 'localhost' causes my cookies to puke. If I change the domain name to our actual domain name, and test on computername.domain.com (with domain set to '.domain.com') everything seems to work fine.

This is a major bugger.

edit | Oh yeah, closing your braces in the right place helps too :oops:. God I feel so stupid right now. But that is ok, because tomorrow I am going to eat myself into oblivion while watching football and screaming at the TV. Life, although without session state, is still good.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Everah wrote:2) I am seeing a Set-Cookie response header in the Headers. Not a Cookie header.
That's the one.


Why did you set a domain in the first place? Did you try without setting all those optional parameters?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

This app is going to be crossing secure/non-secure boundaries, but I want to maintain session state throughout the entire visit. I also set the domain because I don't want issues with http://www.domain.com vs. domain.com.

I suppose it is not totally necessary, but I like doing it to make sure the settings are visible (and changeable, as these are being set through database entries).
Post Reply