2

I am creating a cooking in htaccess with a RewriteRule. In my testing I simply cannot get this cookie to go away. Here is how I am creating the cookie, which I was helped with in this thread:

[L,CO=redirect_indicator:yes:.www.example.com,R=301]

So the cookie has the default expiration time which should be for just the duration of the browsing session. I am trying to destroy it at the end of my script and I am just getting confusing results.

So, I will do this at the top of my script to see the cookie for testing purposes:

var_dump($_COOKIE['redirect_indicator']);

Then at the end of my script I run the following (with help from another stack thread here) I have tried much simpler destroy scripts than this as well but none seem to do the trick:

if (isset($_SERVER['HTTP_COOKIE'])) {
    $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
    foreach($cookies as $cookie) {
        $parts = explode('=', $cookie);
        $name = trim($parts[0]);
        setcookie($name, '', time()-1000);
        setcookie($name, '', time()-1000, '/');
    }
}

Now after that code section I also run this again:

var_dump($_COOKIE['redirect_indicator']);

and infact the cookie is not there! Which is great, but just as soon as I run the script again on a page that should not generate the cookie, the cookie still shows up during my first var_dump.

Is there anyway to get rid of this cookie or will I always be at the mercy of what the browser has in store. It indeed goes away when I restart the browser, but I need this thing to go away after the script has executed.

Community
  • 1
  • 1
absentx
  • 1,397
  • 4
  • 17
  • 31
  • 4
    Every time the request falls through the rewrite rule that set's the cookie, the cookie will be set again. If that happens on every request, it will get recreated on every request regardless of whether you try to unset it. And if you wan't to destroy all the cookies, why not just `foreach ($_COOKIE as $name=>$val) setcookie($name, '', 1);`? – DaveRandom Apr 12 '12 at 17:03
  • I am basically using the cookie as a marker for a redirect, to let me know the old url the person was trying to get to (that is now 301'd) that old ulr tells me where I need to send them. The issue is I use the same script to redirect everyone but not every link triggers the cookie. So my nightmare scenario is that someone uses a link that gets the cookie, but then comes back and hits another link that doesn't trigger cookie, but the cookie is still there and I am having trouble processing around it. – absentx Apr 12 '12 at 19:50

2 Answers2

1
setcookie($name, '', time()-1000);

The above is indeed setting the expiration in the past which is the only way to delete a cookie - however, cookie will not be deleted from the users computer until all their browser windows are closed.

If you need the cookie to not impact the script anymore, reset the value to something which you can later define as an exception such as "delete"

if(isset($_COOKIE['redirect_indicator']) && $_COOKIE['redirect_indicator'] !== 'delete')
squarephoenix
  • 1,003
  • 7
  • 7
  • I am working with this solution, but still having trouble defeating nightmare scenario stated in comment @DaveRandom. For example, If i use an exception variable like your solution, that is great when they come back to a page that didn't set the cookie and doesn't use it in the script, but what if they again hit a link that sets the cookie? Wooooo can I unset the exception cookie in htacces??? – absentx Apr 12 '12 at 19:51
  • if they again hit a link that sets the cookie, the value would change back from "Delete" to whatever functioning value it has. I'm not completely understanding what the issue is. If you need cookies to stay for each 301'd url, but delete for others, why don't you designate the key of the cookie as something unique to the url? – squarephoenix Apr 12 '12 at 20:01
  • see I guess that is the problem I am having. Even if I reset $_COOKIE['reset_indicator'] to 'deleted' at the bottom of the script, it is still reading as what it was initially set to when I refresh script. And, I certainly will designate the key but I am not even to that point yet because I am having so much trouble getting the cookie to take the value I want other than what htaccess sets it to. Ill see if I can provide some more information shortly. – absentx Apr 12 '12 at 20:07
  • yeah its like everything I try, the cookie always retains that original value assigned from the htaccess file. I change the value at the end of the script, then visit a page that should not trigger the htaccess cookie, and a var_dump of redirect_indicator still reads the original value and not 'deleted'. Wow, this is frustrating, appreciate the help. – absentx Apr 12 '12 at 20:19
  • The cookie is being set at the beginning of every script for whatever reason... I'm not sure how .htaccess works, it may be writing the cookie automatically to every user who visits any page, meaning it's deleted only to be re-written by htaccess on refresh.. – squarephoenix Apr 12 '12 at 20:52
1

Some thoughts:

(1) In your script you read out $_COOKIE, then you overwrite a cookie, then you look at $_COOKIE again. Has $_COOKIE been updated in the meantime? As a user contributed note on http://www.php.net/manual/en/reserved.variables.cookies.php says:

"The value of $_COOKIE is determined by the content of cookies received in the user agent's request.

If you set a cookie (ie send it to the browser), it won't be sent back until the next request and so the data won't be present in $_COOKIE."

Your second call for $_COOKIE simply retains the values that this variable held at the beginning of your script. Look at your browser to see if your cookie was changed or deleted, not at $_COOKIE.

(2) In the thread you link to, it says that your .htaccess should say:

RewriteRule ^example/directory/go\.php$ example.com/go.php [L,CO=tracker:yes:.example.com,R=301]

not:

[L,CO=redirect_indicator:yes:.www.example.com,R=301]

as you write. Can it be that you forgot the first part of that line and that your [flags] therefore gets applied to whatever RewriteRule comes above it or even to every page that is called?

(3) Why don't you pass the old URL along in your redirect instead of saving it in a cookie:

    RewriteRule ^(example/directory/go\.php)$ example.com/go.php?old=$1 [R=301]

You can then parse $_GET['old'] in go.php.

  • That may very well be an option, thanks much! in response to your first question, I do have the rewrite rule as indicated in the original post, I was just posting the cookie part for the purposes of that post. But I have not actually consulted the browser for cookie values so I will certainly do that. – absentx Apr 15 '12 at 22:36