Cookie Woes :0(

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

O, woe is me, to have seen what I have seen, see what I see!

(That's Shakespeare for those who were wondering what I'm on about)

I am "having fun" with cookies.

And I wonder if I have missed something obvious.

I am writing a simple shopping cart that uses cookies.

It works as I expected in IE6 (Microsoft, all is forgiven...)

But it only half works in NN7, Firefox or Opera 7 (they are the only ones I
have tested so far)

Without pasting in reams of code, here is an overview of what it does.

When the visitor clicks on BUY PRODUCT, a row is inserted into the ORDER
TABLE that includes the cookie_id and product _id (amongst others)

This works in perfectly all browsers.

Next, a query is run to find all of the rows in the ORDER TABLE that have
the user's cookie_id, and the results are output as a summary of the order.

This works as expected in IE6 (Big up tha man like BillG)

But gives me no results in any of the other browsers

Any simple answers?



Re: Cookie Woes :0(

Mark wrote:
Quoted text here. Click to load it
If at all possible, try to use sessions, they're not any harder than
cookies, and more secure.  You can store the user's shopping list in a
serialized array, as to avoid the slow downs of MySQL access. Here's
some sample code:

When the user clicks Buy Product:
$_SESSION['list'][] = $product_id;  //You get this ID from wherever the
user clicked Buy Product

Make sure that you put session_start(); at the top of every page of your
site, in order for your list to carry over if they add more items to the
  list.  Also, this is almost guaranteed to solve your browser woes.

Ivan Filippov

Re: Cookie Woes :0(

On 4/7/05 3:20 PM, in article 8ni5e.919740$Xk.214042@pd7tw3no, "Ivan

Quoted text here. Click to load it

Is this at all true? Aren't PHP sessions tracked by cookies (or alternately
in a GET-readable and therefore thoroughly insecure query string addition)?

I keep on hearing this about PHP sessions being more secure than cookies,
and I guess that's true if you're storing sensitive data in cookies rather
than storing a ID and keeping the sensitive data on the server, but I don't
know why anyone would want to rely that heavily on client-side cookies for
data storage anyway.

Just asking,


Re: Cookie Woes :0(

Steven M. Scotten wrote:
Quoted text here. Click to load it
Quoth the PHP docs:
"A visitor accessing your web site is assigned an unique id, the
so-called session id. This is either stored in a cookie on the user side
or is propagated in the URL."

There are security risks with both methods, but good practice by the
user, such as logging out of the site before heading to another site
if using the URL propagation method.  It's really up to the code monkey
in question concerning what they want to do, I personally find that
sessions are better for storing information, ease of access and
simplicity of implementation.  Plus as I said in my reply to Mark,
sessions + DB works way better than cookies + DB.  :)

Ivan Filippov

Re: Cookie Woes :0(

Hi Ivan

Thanks for your response...

I have used sessions quite a lot, but didn't want to force a log on, and
wanted visitors to be able to come back under a different session and
continue with their order... That's why I was experimenting with cookies.

I have fixed it...

And I feel such a fool!

I feel quite ashamed even admitting to my mistake, but my counsellor told me
that honesty is the only true path to enlightenment, and who am I to


I hadn't put ' ' around the cookie_id variable in the query...

And under examination, I found that the HEX cookie_id that had been
generated for IE just happened to be a huge integer (so it worked without '
'), whilst the cookie_ids assigned to the other browsers all had characters
in it, so the fact that it worked in IE was a completer fluke. Bill didn't
have anything to do with it...


Mark (suitably chastened)

Quoted text here. Click to load it

Re: Cookie Woes :0(

Mark wrote:
Quoted text here. Click to load it
You can serialize the session too and store it in your DB along with an
IP of the user.  Most users nowadays have Anti-SpyWare software
installed which removes unwanted cookies which makes return visits with
the same cookie unlikely, either way though, wish you luck. :)

Ivan Filippov

Re: Cookie Woes :0(

don't need any sort of logon to use sessions.

Also, in order to minimize the num of cookies I set on a users computer
I serialize an array and send that as the cookie.

I have send and write cookie funcs that automatically
serialize/deserialize if necessary

Re: Cookie Woes :0(

Quoted text here. Click to load it

If you'd tell me you code doesn; work in anything but IE I'd say your
code is broken. So post some code, this specific part should be more
than a couple of lines (summarize).

Next get a packetsniffer and check for differences between data send
when using IE vs. all others.

FUP c.l.p.

Site Timeline