Detecting if client's browser has Cookies Turned Off

Question

I want to check if the user of my website is allowing cookies or not.

Basically I want to do the following:

<?php
     if(cookies are enabled)
     {
          /* Cookies related code goes here */
          /* Create PHP cookie, read cookies etc */
     }
     else
     {
          /* Do something else */
     }
?>

My idea is to check if setcookie function returns true then cookies are enabled otherwise not.

Check this http://stackoverflow.com/questions/531393/how-to-detect-if-cookies-are-disabled-is-it-possible — Sandeep Manne, Apr 05 '12 at 13:26

score 4 · Answer 1 · answered Apr 05 '12 at 13:49

As above: it won't always work.

So, basically, you can do something like this:

<?php
setcookie('enabled', '1');
if($_COOKIE['enabled']=='1'){
    echo('Cookies are enabled. ');
}else{
    if($_GET['nocookies']==1){
        echo('Cookies are disabled. ');
    }else{
        $adr = explode('/', $_SERVER['SCRIPT_NAME']);
        header('Location: '.$adr[count($adr)-1].'?nocookies=1');
    }
}
?>

score 1 · Answer 2 · answered Apr 05 '12 at 13:24

1

The 'setcookie' return isn't enough. In case of Firefox, this function does return true even if cookies are disabled. I think the best way to check it is setting a value in a cookie and checking for that value in the next request.

answered Apr 05 '12 at 13:24

julesj

754
4
10

How can I know on the next request that it is a new request from some other user or the one which has cookies disabled? – sumit Apr 05 '12 at 13:41
On situations like login this would be possible. – julesj Apr 05 '12 at 18:26

icc97 · Answer 3 · 2014-11-12T22:47:43.117

To answer your question exactly, if you create a function

<?php
function cookies_are_enabled() {
    setcookie('enabled', 'enabled');
    return $_COOKIE['enabled'] === 'enabled';
}
?>

Then in your code you have:

<?php
if (cookies_are_enabled()) {
  /* Cookies related code goes here */
  /* Create PHP cookie, read cookies etc */
} else {
  /* Do something else */
}
?>

Update: As pointed out in the comments. This won't work directly. From the setcookie PHP page (my emphasis):

'Once the cookies have been set, they can be accessed on the next page load with the $_COOKIE or $HTTP_COOKIE_VARS arrays. Note, superglobals such as $_COOKIE became available in PHP 4.1.0. Cookie values also exist in $_REQUEST.'

Given that you can't trust setcookie, best I can think of doing is forcing a redirect.

<?php
function cookies_are_enabled() {
    // if first page load
    // set cookie and redirect
    // if redirected check the cookie
    if (isset($_GET['cookie_check'])) {
        return $_COOKIE['enabled'] === 'enabled';
    } else {
        setcookie('enabled', 'enabled');
        if (empty($_SERVER['QUERY_STRING'])) {
            $url = $_SERVER['PHP_SELF'].'?cookie_check=1';
        } else {
            $url = $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'].'&cookie_check=1';
        }
        exit(header("Location: $url"));
    }
}

if (cookies_are_enabled()) {
    /* Cookies related code goes here */
    /* Create PHP cookie, read cookies etc */
    $message = 'cookies are enabled';
} else {
    /* Do something else */
    $message = 'cookies are <strong>not</strong> enabled';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Cookies!</title>
</head>
<body>
    <p><?php echo $message; ?></p>
</body>
</html>

This solution doesn't work for the first HTTP request. Only after a page reload (and sending a second one). — automatix, Nov 11 '14 at 13:49
@automatix You're quite right it doesn't. I've changed my answer to add in a redirect, which I realise now makes my answer basically the same as Anhonime's — icc97, Nov 12 '14 at 22:41

Detecting if client's browser has Cookies Turned Off

3 Answers3