PHP setting cookies in a child class

Question

I am writing a custom session handler and for the life of me I cannot get a cookie to set in it. I'm not outputting anything to the browser before I set the cookie but it still doesn't work. Its killing me.

The cookie will set if I set it in the script I define and call on the session handler with. If necessary I will post code. Any ideas people?

<?php




/* require the needed classes comment out what is not needed */
require_once("classes/sessionmanager.php");
require_once("classes/template.php");
require_once("classes/database.php");


$title=" ";  //titlebar of the web browser
$description=" ";  
$keywords=" ";  //meta keywords
$menutype="default";  //default or customer, customer is elevated
$pagetitle="dflsfsf "; //title of the webpage
$pagebody=" ";  //body of the webpage


$template=template::def_instance();
$database=database::def_instance();

$session=sessionmanager::def_instance();
$session->sessions();
session_start();
?>

and this is the one that actually sets the cookie for the session

function write($session_id,$session_data)
{
    $session_id = mysql_real_escape_string($session_id);
    $session_data = mysql_real_escape_string(serialize($session_data));
    $expires = time() + 3600;
    $user_ip = $_SERVER['REMOTE_ADDR'];
    $bol = FALSE;
    $time = time();
    $newsession = FALSE;
    $auth = FALSE;
    $query = "SELECT * FROM 'sessions' WHERE 'expires' > '$time'";
    $sessions_result = $this->query($query);
    $newsession = $this->newsession_check($session_id,$sessions_result);
    while($sessions_array = mysql_fetch_array($sessions_result) AND $auth = FALSE)
    {
        $session_array = $this->strip($session_array);
        $auth = $this->auth_check($session_array,$session_id);
    }

    /* this is an authentic session. build queries and update it */
    if($auth == TRUE AND $newsession == FALSE)
    {   
        $session_data = mysql_real_escape_string($session_data);
        $update_query1 = "UPDATE 'sessions' SET 'user_ip' = '$user_ip' WHERE 'session_id' = '$session_id'";
        $update_query2 = "UPDATE 'sessions' SET 'data' = '$session_data' WHERE 'session_id = '$session_id'";
        $update_query3 = "UPDATE 'sessions' SET 'expires' = '$expires' WHERE 'session_id' = '$session_id'";
        $this->query($update_query1);
        $this->query($update_query2);
        $this->query($update_query3);
        $bol = TRUE; 
    }
    elseif($newsession == TRUE)
    {
        /* this is a new session, build and create it */
        $random_number = $this->obtain_random();
        $cookieval = hash("sha512",$random_number);
        setcookie("rndn",$cookieval,$expires,'/');
        $query = "INSERT INTO sessions VALUES('$session_id','0','$user_ip','$random_number','$session_data','$expires')";
        $this->query($query);
        //echo $cookieval."this is the cookie <<";
        $bol = TRUE;    
    }
    return $bol;
}

code updated. still no luck

for some reason if any html is echoed after the session manager is started the cookie is called after the html. this doesnt make any sense to me

Answer 1

According to tour code, at least you have to set / directory in the cookie parameters.
But anyway, first of all you have to sniff cookies from the HTTP log. You can use Firebug to watch if server does set any cookie and if browser send any back

Answer 2

The problem is likely in your if/else statements. You are using:

if($auth = TRUE AND $newsession = FALSE)
...
elseif($newsession = TRUE)

The use of a single = means that you are assigning values, not comparing them. You need to use == instead of =.

Change to this:

if($auth == TRUE AND $newsession == FALSE)
...
elseif($newsession == TRUE)

With the code that you have right now, the first if block of your code will run every time, so your setcookie() call is never reached.

Answer 3

setcookie() returns false if php can't add the header. So for debugging try something like

 setcookie("rndn",$cookieval) or die('setcookie failed');

You can combine that with a test whether setcookie() is called in the first place

$rc = setcookie("rndn",$cookieval);
/* DEBUG-code don't forget to remove me */
error_log(sprintf("%s %s\n", date('Y-m-d H:i:s setcookie():'), $rc?'success':'failed'));

(or even better use a debugger like xdebug and e.g. netbeans as frontend).

Did you check the response headers in your browser? E.g. via the firebug extension. Perhaps the client receives the cookie header but doesn't accept it.