Page 1 of 1

Cookies and cloaked domains

Posted: Wed Apr 09, 2003 2:23 am
by Matt Phelps
My site has just been moved onto another webhost but I am using a cloaked domain to keep the old URL and redirect people to the new site. The new webspace has the same php settings as the old one. I have checked the phpinfo.

For some reason that may or may not be related to this my cookies have stopped working. :( I cannot seem to get the site to read the cookies back from the client. Effectively I cannot 'log on' anymore.

Can anyone advise me what exactly I should have in my setcookie code? I'm thinking I might have to include the domain (which one?!) parameter but I'm not clear on whether I can leave some parameters out or not - and I've read some stuff about 'double dots' etc that I didn't fully understand.

Anyway, here's what I have now (and was working fine until I moved webspaces and used a cloaked redirect):

Code: Select all

<?php

		setcookie("UNAME", "$f_user", time()+31536000);	
		setcookie("USTATUS", "admin", time()+31536000);
		setcookie("UPASS", "$encrypt_pass", time()+31536000);
		setcookie("UTIMEZONE", "$timecheck->timezone", time()+31536000);	
		setcookie("UDAYLIGHT", "$timecheck->daylight", time()+31536000);	

?>

?>
Can anyone advise me what I should try here? For info the old URL was http://www.racesites.net/atlas and the new one is http://www.mattphelps.co.uk/atlas. I now have http://www.racesites.net as a cloaked redirect to http://www.mattphelps.co.uk. I'm not totally convinced that this is relevant or not.

If the site sets the cookie with a domain of 'mattphelps.co.uk' and then someone comes along and gets to the site via 'racesites.net' then I assume that the cookie will be invalid. If I change the cookie domain parameter so that it says 'racesites.net' then will the cookie be valid? Even though the true url is a 'mattphelps.co.uk' url?!?

Posted: Wed Apr 09, 2003 6:39 am
by DeGauss
The problem may be starting with the fact that you're setting the cookie to last for a year.

Even if you physically delete the cookie from your system, the value will still pop up when you revisit the site. Crazy but true.

Try writing a script that will unset any cookies you may have right now, and then go back to the original script to see what happens.

Since you're not specifying the direct URL in the setcookie function, the cookie is being set for the current domain it knows the script is on. So even a cloaked URL won't do much harm, since the cookie and the script knows which URL it's really on.