
Cookie is present in browser, but php $_COOKIE is empty

Tags: php, cookies

I have a project that works on a local server but not on my production server, due to cookies not being seen by the server. I've made a minimal version of the code that reproduces the issue on that server:

<?php

if(!isset($_COOKIE['foo'])){
    setcookie('foo', 'bar', time() + 7*24*60*60, '/');
    echo "Cookie was not found, so we just created it.";
} else {
    echo "Cookie was found!";
}

?>

No matter how many times I refresh this page, I always get the "not found" message. Whenever I try to log the $_COOKIE variable, I get an empty Array. However:

  • The cookie is present in the browser, and correctly sent with the request
  • The cookie is set and read in the same file (it's not an issue with the path)
  • There is no output before setcookie, and the file is encoded in UTF8 without BOM

I think this is a server configuration issue, since the code works locally, but I have no idea where to look. Has anyone seen this before, do you know what could cause this?

If you need more info, just tell me and I'll add it to my question. Thank you!

asked Sep 23 '16 12:09
blex



1 Answer

If there's a cache server or CDN involved, it may be filtering cookies based on a whitelist. This is to improve caching, since each request with a unique set of cookies would need to be regarded as different from other requests and could not be cached (you may receive a different reply from the server based on your cookies, so the cache server cannot serve you the cached response of a previous client). Since lots of services are setting cookies which may be sent to the server (e.g. analytics packages) but have absolutely no influence on the contents of the response, heeding all cookies by default would often completely subvert caching.

Configure the caching server in charge to specifically pay attention to your cookie and to forward it to the origin server. If you have a lot of different cookies, consider giving them a common prefix and whitelist that (e.g. foo-*).

answered Oct 11 '22 00:10
deceze
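
One way to check whether an intermediary is dropping the Cookie header before it reaches PHP, as the answer suggests. This is an added example, not code from the question or the answer; the function name `cookieDiagnostics`, the constant `INTERMEDIARY_HEADERS` and its header list are assumptions chosen for illustration.

```php
<?php
// Added diagnostic (not from the original post): run it on the origin server
// to see whether the Cookie request header reaches PHP at all.

// Request headers that proxies, caches and CDNs commonly add on the way to the
// origin. The list is an assumption; extend it for your own infrastructure.
const INTERMEDIARY_HEADERS = [
    'HTTP_VIA', 'HTTP_FORWARDED', 'HTTP_X_FORWARDED_FOR',
    'HTTP_X_REAL_IP', 'HTTP_X_VARNISH', 'HTTP_CF_RAY',
];

function cookieDiagnostics(array $server, array $cookies): array
{
    $raw = $server['HTTP_COOKIE'] ?? '';

    // Cookie names as sent on the wire: "a=1; b=2" -> ['a', 'b'].
    // Values are deliberately not echoed back.
    $sentNames = [];
    foreach (explode(';', $raw) as $pair) {
        $name = trim(explode('=', $pair, 2)[0]);
        if ($name !== '') {
            $sentNames[] = $name;
        }
    }

    // Which of the known intermediary headers are present on this request.
    $hints = array_keys(array_intersect_key($server, array_flip(INTERMEDIARY_HEADERS)));

    return [
        'cookie_header_bytes' => strlen($raw),
        'names_in_header'     => $sentNames,
        'names_in_$_COOKIE'   => array_keys($cookies),
        'intermediary_hints'  => $hints,
        // Heuristic: no Cookie header at the origin while proxy headers are
        // present points at the cache/CDN configuration, not at PHP.
        'likely_stripped'     => $raw === '' && $hints !== [],
    ];
}

header('Content-Type: text/plain; charset=utf-8');
header('Cache-Control: no-store'); // keep this diagnostic response out of caches
print_r(cookieDiagnostics($_SERVER, $_COOKIE));
```

Request the script from a browser that already holds the cookie and compare `names_in_header` with the Cookie header shown in the browser's network tab. Remove the script once the check is done.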