Page 1 of 1

[solved] Cookies & mod_rewrite are not playing nice toge

Posted: Tue Nov 21, 2006 6:34 pm
by RobertGonzalez
Ok, I am almost certain I am doing something wrong in my code, but for the life of me I cannot figure out what the heck is wrong. I am trying to set a cookie on my local development machine, which also happens to be utilizing mod_rewrite. I think I may be screwing the cookie path up somehow. This is how I am trying to set the cookie...

Code: Select all

<?php
setcookie('appname_data', serialize($session_data), time() + 31536000, '/', 'localhost', '');
?>
With mod_rewrite enabled, I have links like:

Code: Select all

http://localhost/AppName/
http://localhost/AppName/login/
http://localhost/AppName/logout/
http://localhost/AppName/landing/
I cannot get the cookie to set. I am not getting errors from the code. I did a boolean check on the return of setcookie and it shows that setcookie is returning boolean true, but they are not setting in browser. The browser is set to accept all cookies.

I really think this is a path issue, but I can't be certain. I have tried setting the cookie path to './', '/', '/AppName/', etc, but I cannot see my problem. Can someone throw down a fresh view on my stupidity do I can move on from here?

Posted: Wed Nov 22, 2006 4:12 am
by volka
Have you checked wether your browser gets a cookie header? (e.g. FF->Live HTTP Headers)

Posted: Wed Nov 22, 2006 10:22 am
by RobertGonzalez
Ok, there are a couple of things going on here...

1) It appears that my config settings (which come from a stored procedure in MySQL) are actually being split into two result sets. The weird thing is, the first, third, fourth and fifth rows are in the first result set, and the second row (the one that houses the cookie path) is in the second result set. I have that nailed now, so I am getting a full result set.

2) I am seeing a Set-Cookie response header in the Headers. Not a Cookie header.

3) The cookie is being set, but it is missing a part of the name generator, which I think is caused by the config issue mentioned in #1.

I will be messing more with this this morning. I had to leave yesterday so I haven't messed with it since a few minutes after I posted the request.

Posted: Wed Nov 22, 2006 12:28 pm
by RobertGonzalez
Something I just found (and that has a profound impact on what I am doing). According to the Client Side State - HTTP Cookies spec by Netscape, a cookie domain must have two (2) or three (3) dots in the domain name. That means that setting the domain to 'localhost' causes my cookies to puke. If I change the domain name to our actual domain name, and test on computername.domain.com (with domain set to '.domain.com') everything seems to work fine.

This is a major bugger.

edit | Oh yeah, closing your braces in the right place helps too :oops:. God I feel so stupid right now. But that is ok, because tomorrow I am going to eat myself into oblivion while watching football and screaming at the TV. Life, although without session state, is still good.

Posted: Wed Nov 22, 2006 1:57 pm
by volka
Everah wrote:2) I am seeing a Set-Cookie response header in the Headers. Not a Cookie header.
That's the one.


Why did you set a domain in the first place? Did you try without setting all those optional parameters?

Posted: Wed Nov 22, 2006 2:03 pm
by RobertGonzalez
This app is going to be crossing secure/non-secure boundaries, but I want to maintain session state throughout the entire visit. I also set the domain because I don't want issues with http://www.domain.com vs. domain.com.

I suppose it is not totally necessary, but I like doing it to make sure the settings are visible (and changeable, as these are being set through database entries).