PHP cookies problem, works in Firefox not in other browser.

Question

Hello,

I've a problem with setting cookies in php. I've to say that I'm not very experienced with php, so maybe is a very stupid problem.

I've an ajax rating system that should check a cookie to see if the the photo has already been voted.

The page called with ajax check for the cookie, add the id of the photo you are voting to it and call this function:

   setcookie("Name", $cookie, time()+(60*24*365), "/",  $_SERVER['HTTP_HOST'], 0);

The page that display the photo also call the cookie

   $cookie = $_COOKIE['Name'];

and check to see if you have already voted.

A problem may be the fact that the ajax page is in a different directory than the page that display the photo.

The page that display the photo is in the root directory, the page that cast the vote is in /ajax/vote.php

The voting system works, before I was checking the IPs, but know i need to check the cookies.

It work in Firefox without any problem, but when I've started testing on IE and Safari it seem they don't see the cookie.

I've checked with IECookieViewer and when I cast a vote the cookie is created allright, but when I go back to the page, it look like the page don't find the cookie. Also if I cast another vote the cookie is replaced with a new one.

Sorry for the bad english, I hope the problem is understandable

P.S. Forgot to point something that might be related to the problem. The page is inside an iframe.

Answer 1

Check the cookie settings of the other browsers and if they're set to block all or empty on exit.

If the cookies work in one browser, but not another, you will need to make sure that the other browser is letting you set cookies in the first place.

Sometimes it will look like you can create the cookie, but then it will disappear or be deleted with each page reload.

Cookies from an iframe

It's also possible that because you're setting the cookies in an iframe, that the browsers may view it as a third-party cookie and reject it unless explicitly set out in the browser preferences to allow third-party cookies.

In that case you would need a compact privacy policy (or a compact P3P header) on the pages from where you're trying to set the cookies from.

For PHP, you would add this as your header for the page setting the cookie:

header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

Answer 2

I've had a similar problem in the past where cookies would be set by firefox but not IE if I was working with a local network server (192.168.0.102 or something like that) but when I ported it all over to the public server with a domain name it worked fine.

IE might have some kind of strange rules about cookies and domain names. Not sure if this helps in your case.

Answer 3

The IFRAME is the reason your cookies are being lost. Your PHP session id cookie is also being lost and a new session is created on each request, therefore losing track of previous state.

While P3P headers may help, client browsers can still be set to disallow third party cookies and P3P can't override that. Steve Gibson of Security Now! podcast fame repeatedly recommends to enable blocking third party cookies because it stops things like tracking cookies.

What you need to do is switch to form-based session id. PHP makes this easy by supplying the "PHPSESSID" form variable in either querystring or hidden input form variable with the value of session_id(). Or if you want to be portable, check the value of ini_get('session.name') incase the web server is configured with a custom session variable name, different than "PHPSESSID".

Answer 4

Are you setting the cookie on the exact same URL? If you're using $_SERVER['HTTP_HOST'] then one browser may set it for http://example.com while another may set it on http://www.example.com. If you visit the alternate version the cookie won't be set.

To quote the PHP docs:

The domain that the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain.

So try setting '.yoursite.com' as the domain.

Other things to try:

• $name is the only required parameter in the setcookie function - try skipping everything after $expire and see if it works.
• Try setting an $expire value a long way into the future. Maybe there is something on your computer or the server causing a time issue?
• Have you checked in your browser if the cookie is definitely being set? There should be a way to list every cookie set. Set the cookie and check your browser.

Answer 5

problema en cookies para ie SOLUCIONADO: problem at cookies for ie SOLVED:

Es SIMPLE, Cuando declaren la cookie y escriben en el EXPIRE: time()+60*60*24*30, cambien los 60's por 120 asi: time()+120*120*24*30. A m'i me funcion'o a la perfeccion.

Its simple, when you declare the cookie, at the expire time "time()+60*60*24*30", change los 60's by 120 so: time()+120*120*24*30. It worked for me.