browser issue - cookie detection

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

browser issue - cookie detection

Post by sh33p1985 »

recently swapped over to firefox and an error has arose in a website i am currently testing.

to retrieve returning customers orders i use a cookie that holds a reference no. to their order (this cookie is destroyed on completion of your order). in IE this works fine, the user is returned to the shop front where a new cookie is created with a new reference no. but in firefox the cookie does not get destroyed and the new cookie does not get created which leads to some borked functionality.

i realise this is beacuse the way the browsers store cookie information. it seems firefox holds the data in a single file cookies.txt while IE creates a seperate files for each cookie.

if im mistaken please correct me but this is my initial analysis on the problem.

is there a way to safely detect the users browser to compensate for this oversight?

thanks.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It doesn't matter how they, literally, store the cookies. It matters how you tell it to store the cookies. Please post your cookie creation code.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

$_SERVER['USER_AGENT'] I believe will identify the browser, but honestly the browser should not be doing anything different to the handling of cookies is the code tells them to destroy it. Can you post your cookie destruction code?
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

Creation:

Code: Select all

if(isset($_COOKIE['orderRef'])){
//retrieve cookie data for use
}
else{
$reference = md5(uniqid(rand(), true));	
setcookie("orderRef", $reference, time() + 86400);			
}
Descrution: (executed after payment has been completed and order has been processed)

Code: Select all

setcookie("orderRef", "", time() - 86400);
setcookie(session_name(), "", time() - 86400);
session_destroy();
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

ave you loaded the app in Firefox and checked the cookie information for that domain before and after destruction?
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

not yet, whats the easiest way to view their name/values before and after?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

sh33p1985 wrote:not yet, whats the easiest way to view their name/values before and after?
You can either open and view the cookies.txt file, or, to be a smarter critter, you could install the web developer toolbar extension and use the cookies menu to inspect them.
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

smarter is always better! bare with me a few mins ill get right on it.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

What paths and domains are being set for the cookies (both at creation and destruction)?
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

left those parameters out on creation/descruction, tbh quite new with cookies...

ok, after visiting shop.php

Array ( [PHPSESSID] => 17c1cc76f4c6467305cd0ca8e963acca [sessionRef] => dbfe4c6c89b0181f098f58622f867872 )

after completing order (user redirected to script/process_order.php which tidys up and redirects to thank you page display invoice)

Array ( [PHPSESSID] => 17c1cc76f4c6467305cd0ca8e963acca [sessionRef] => dbfe4c6c89b0181f098f58622f867872 )

so both the session and cookie are not getting destroyed with the code im using...;/
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I want to know what the browsers are seeing, not what PHP is seeing. Everah has mentioned the browser extensions which can tell you the information rather simply.
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

before shop.php

0 cookies

after shop.php

Name PHPSESSID
Value ba6f7a5dff509011d21ada1de8b86a67
Host http://www.individ-jewels.co.uk
Path /
Secure No
Expires At End Of Session

Name sessionRef
Value 14235b1346e7f99695a6b48416fb3d56
Host http://www.individ-jewels.co.uk
Path /
Secure No
Expires 27 January 2007 21:24:17

after order completion:

Name PHPSESSID
Value ba6f7a5dff509011d21ada1de8b86a67
Host http://www.individ-jewels.co.uk
Path /
Secure No
Expires At End Of Session

Name sessionRef
Value 14235b1346e7f99695a6b48416fb3d56
Host http://www.individ-jewels.co.uk
Path /
Secure No
Expires 27 January 2007 21:25:29

clearly updating it rather then destroying it...strange
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Is there a difference in where the deletion happens path or domain-wise from the creation?
sh33p1985
Forum Commoner
Posts: 78
Joined: Thu Mar 11, 2004 9:22 am

Post by sh33p1985 »

yup, creation in root, deletion in /scripts/web.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I think that is your problem. You are setting a cookie with one path value, and to destroy it you are setting a new cookie with the same name but a different path. I think they are being seen as 2 different cookies.
Post Reply