browser issue - cookie detection
Posted: Fri Jan 26, 2007 2:35 pm
by sh33p1985
recently swapped over to firefox and an error has arisen in a website i am currently testing.
to retrieve returning customers' orders i use a cookie that holds a reference no. to their order (this cookie is destroyed on completion of your order). in IE this works fine, the user is returned to the shop front where a new cookie is created with a new reference no. but in firefox the cookie does not get destroyed and the new cookie does not get created which leads to some borked functionality.
i realise this is because of the way the browsers store cookie information. it seems firefox holds the data in a single file cookies.txt while IE creates a separate file for each cookie.
if i'm mistaken please correct me but this is my initial analysis on the problem.
is there a way to safely detect the user's browser to compensate for this oversight?
thanks.
Posted: Fri Jan 26, 2007 2:42 pm
by feyd
It doesn't matter how they, literally, store the cookies. It matters how you tell it to store the cookies. Please post your cookie creation code.
Posted: Fri Jan 26, 2007 2:43 pm
by RobertGonzalez
$_SERVER['USER_AGENT'] I believe will identify the browser, but honestly the browser should not be doing anything different to the handling of cookies if the code tells them to destroy it. Can you post your cookie destruction code?
Posted: Fri Jan 26, 2007 2:49 pm
by sh33p1985
Creation:
Code:
    if (isset($_COOKIE['orderRef'])) {
        // retrieve cookie data for use
    } else {
        $reference = md5(uniqid(rand(), true));
        // no path argument given, so the browser assigns a default path
        setcookie("orderRef", $reference, time() + 86400);
    }
Destruction: (executed after payment has been completed and order has been processed)
Code:
    // expire both cookies (no path argument given here either)
    setcookie("orderRef", "", time() - 86400);
    setcookie(session_name(), "", time() - 86400);
    session_destroy();
Posted: Fri Jan 26, 2007 2:56 pm
by RobertGonzalez
Have you loaded the app in Firefox and checked the cookie information for that domain before and after destruction?
Posted: Fri Jan 26, 2007 3:04 pm
by sh33p1985
not yet, what's the easiest way to view their name/values before and after?
Posted: Fri Jan 26, 2007 3:05 pm
by RobertGonzalez
sh33p1985 wrote: not yet, what's the easiest way to view their name/values before and after?
You can either open and view the cookies.txt file, or, to be a smarter critter, you could install the web developer toolbar extension and use the cookies menu to inspect them.
Posted: Fri Jan 26, 2007 3:07 pm
by sh33p1985
smarter is always better! bear with me a few mins i'll get right on it.
Posted: Fri Jan 26, 2007 3:07 pm
by feyd
What paths and domains are being set for the cookies (both at creation and destruction)?
Posted: Fri Jan 26, 2007 3:14 pm
by sh33p1985
left those parameters out on creation/destruction, tbh quite new with cookies...
ok, after visiting shop.php
Array ( [PHPSESSID] => 17c1cc76f4c6467305cd0ca8e963acca [sessionRef] => dbfe4c6c89b0181f098f58622f867872 )
after completing order (user redirected to script/process_order.php which tidies up and redirects to thank you page display invoice)
Array ( [PHPSESSID] => 17c1cc76f4c6467305cd0ca8e963acca [sessionRef] => dbfe4c6c89b0181f098f58622f867872 )
so both the session and cookie are not getting destroyed with the code i'm using...;/
Posted: Fri Jan 26, 2007 3:16 pm
by feyd
I want to know what the browsers are seeing, not what PHP is seeing. Everah has mentioned the browser extensions which can tell you the information rather simply.
Posted: Fri Jan 26, 2007 3:25 pm
by sh33p1985
before shop.php
0 cookies

after shop.php
Name    PHPSESSID
Value   ba6f7a5dff509011d21ada1de8b86a67
Host    http://www.individ-jewels.co.uk
Path    /
Secure  No
Expires At End Of Session

Name    sessionRef
Value   14235b1346e7f99695a6b48416fb3d56
Host    http://www.individ-jewels.co.uk
Path    /
Secure  No
Expires 27 January 2007 21:24:17

after order completion:
Name    PHPSESSID
Value   ba6f7a5dff509011d21ada1de8b86a67
Host    http://www.individ-jewels.co.uk
Path    /
Secure  No
Expires At End Of Session

Name    sessionRef
Value   14235b1346e7f99695a6b48416fb3d56
Host    http://www.individ-jewels.co.uk
Path    /
Secure  No
Expires 27 January 2007 21:25:29
clearly updating it rather than destroying it...strange
Posted: Fri Jan 26, 2007 3:47 pm
by feyd
Is there a difference in where the deletion happens path or domain-wise from the creation?
Posted: Fri Jan 26, 2007 3:58 pm
by sh33p1985
yup, creation in root, deletion in /scripts/web.
Posted: Fri Jan 26, 2007 4:04 pm
by RobertGonzalez
I think that is your problem. You are setting a cookie with one path value, and to destroy it you are setting a new cookie with the same name but a different path. I think they are being seen as 2 different cookies.
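
The path mismatch discussed in this thread, as an added example that is not code from any poster: a small PHP model of a browser cookie store that keys entries by name and path and applies the RFC 6265 default-path rule when no path is sent. The helper names, the request URI /scripts/web/process_order.php and the cookie value are constructed for illustration, and the domain part of the key is left out on the assumption of a single host.

```php
<?php
// Added illustration: how a browser decides which stored cookie a
// Set-Cookie header refers to. Hypothetical helpers, not a real API.

// RFC 6265 section 5.1.4: path assigned when Set-Cookie carries none.
function default_path(string $requestUri): string {
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || $path === '' || $path[0] !== '/') {
        return '/';
    }
    $lastSlash = strrpos($path, '/');
    return $lastSlash === 0 ? '/' : substr($path, 0, $lastSlash);
}

// Apply one Set-Cookie to the jar. A past expiry removes only the entry
// with the same name AND path; entries under other paths are untouched.
function apply_set_cookie(array &$jar, string $requestUri, string $name,
                          string $value, int $expires, ?string $path = null): void {
    $key = $name . '|' . ($path ?? default_path($requestUri));
    if ($expires !== 0 && $expires < time()) {
        unset($jar[$key]);
    } else {
        $jar[$key] = $value;
    }
}

function report(array $jar, string $label): void {
    echo $label, ': ', $jar === [] ? '(empty)' : implode(', ', array_keys($jar)), "\n";
}

$jar = [];

// Creation from a script in the site root (constructed value).
apply_set_cookie($jar, '/shop.php', 'orderRef', 'abc123', time() + 86400);
report($jar, 'after creation');

// Deletion as posted: no path, sent from a script under /scripts/web.
apply_set_cookie($jar, '/scripts/web/process_order.php', 'orderRef', '', time() - 86400);
report($jar, 'after delete without path');

// Deletion naming the same path the cookie was created with.
apply_set_cookie($jar, '/scripts/web/process_order.php', 'orderRef', '', time() - 86400, '/');
report($jar, 'after delete with path "/"');
```

In the application itself the matching change is to pass "/" as the fourth argument of setcookie() at both creation and deletion, so both calls address the same cookie regardless of which directory the script runs from.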