
PHP Cookies Crumble

Posted 9th March 2012 by Simon

We have recently updated our security and user login code, which meant updating a few pieces of cookie-related PHP. In doing so, we came across a couple of minor anomalies; being aware of them beforehand would have saved us a lot of time and frustration.

#1 - setcookie vs session_set_cookie_params parameter differences

The two function signatures below appear very similar at first glance. In fact, if you ignore the first two parameters of the setcookie function, they seem to all intents and purposes identical.

void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )

bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )

However, the difference between the expire (setcookie) and lifetime (session_set_cookie_params) arguments is crucial and easy to overlook. The lifetime parameter is the amount of time in seconds from now that the cookie is to live, whereas the expire parameter is the timestamp at which the cookie is to expire. Quite why the two functions differ in such a seemingly inconsistent and confusing way is beyond us!
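The mix-up described above, as an added PHP example (not code from the original post): one duration is passed correctly to both functions, and two guards catch the swapped cases. The function names, the ten-year threshold and the `remember_me` cookie are assumptions made for illustration.

```php
<?php
// Added example; function names, the threshold and the cookie name are hypothetical.

// Durations above ten years, or timestamps below it (before 1980), signal a swap.
const MAX_SANE_LIFETIME = 10 * 365 * 86400;

// Turn a lifetime in seconds into the absolute timestamp setcookie() expects.
function expire_from_lifetime(int $lifetime, ?int $now = null): int
{
    if ($lifetime < 0 || $lifetime > MAX_SANE_LIFETIME) {
        throw new InvalidArgumentException("lifetime $lifetime looks like a timestamp");
    }
    // 0 means "until the browser closes" in both functions, so keep it as 0.
    return $lifetime === 0 ? 0 : ($now ?? time()) + $lifetime;
}

// Guard for values about to be passed to setcookie() as $expire.
function checked_expire(int $expire): int
{
    if ($expire !== 0 && $expire < MAX_SANE_LIFETIME) {
        throw new InvalidArgumentException("expire $expire looks like a duration");
    }
    return $expire;
}

$lifetime = 14 * 86400; // two weeks, in seconds

// Session cookie: pass the duration itself. Call before session_start().
session_set_cookie_params($lifetime, '/', '', true, true);

// Ordinary cookie: pass an absolute timestamp derived from the same duration.
$token = bin2hex(random_bytes(16)); // constructed sample value
setcookie('remember_me', $token, expire_from_lifetime($lifetime), '/', '', true, true);

// The two swaps, caught by the guards instead of reaching the browser:
// 1) duration as $expire: the cookie would expire in January 1970 and be dropped at once.
// 2) timestamp as $lifetime: the session cookie would persist in the browser for decades.
foreach (['checked_expire' => $lifetime, 'expire_from_lifetime' => time() + $lifetime] as $fn => $bad) {
    try {
        $fn($bad);
    } catch (InvalidArgumentException $e) {
        echo $fn, ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The second swap is the one to watch for on login code, since it fails silently: the session still works, but its cookie far outlives the intended lifetime.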

#2 - Cross-browser cookie domain differences

After a lot of debugging we also spotted that Internet Explorer (surprise, surprise) handles relative cookie domain paths particularly badly. Instead of handling them in an intelligent way, i.e. by adding the relative path onto the end of the current domain, it decides to simply discard them! Almost every other browser seems capable of handling such an innocuous situation, and when you develop in Firefox or Chrome and then do final testing in IE, this is a particularly frustrating bug to discover.

Hopefully, this mini-blog will help at least one person overcome these same issues with less wasted time and vented frustration.
