Check if cookies are enabled without setting GET parameter or sessions in PHP

Question

Much like the question asked in Detect if cookies are enabled in PHP and Check if cookies are enabled I'd like to know if cookies are enabled.

I am, however, trying to make this as transparent as possible for the user and as such I'm not interested in having some "cookietest=1" parameter appended to my URL.

I know I can just redirect back to the page the user originally entered, unset "cookietest=1" GET parameter and just tell the original page if cookies are disabled or not through sessions, but...

I'm currently using CodeIgniter and don't want to mess up CodeIgniter sessions, hence not using PHP sessions to store the cookie enabled/disabled state.

I'm actually not sure if using PHP sessions will mess up CodeIgniter sessions, but even if it doesn't I'm still interested in knowing if there is some ingenious solution out there, that can do the cookie check without setting a GET parameter or using sessions (redirect are fine, however)?

Update

Seems I need to clarify a little bit:

I want to know if cookies are enabled client side. I've already tried the method described in the questions I linked to, i.e.:

1. Set cookie.
2. Redirect to either a check cookie PHP page or the same page with a "cookietest=1" GET parameter.
3. See if the cookie is still set: If yes => Hooray, cookies are working!, otherwise => Boo, cookies are disabled.

The thing I'm asking is whether or not it's possible to do this without setting the GET parameter (because this becomes visible in the URL). The answer to that question is "Yes, if you use PHP sessions".

My next question is then: Is it possible to do without setting the GET parameter AND without using PHP sessions?

Answer 1

Basics: You can't know if a user has or not enabled cookies until you send one cookie to the client and you recive the same from him.

So the flow:

• Client Request
• Server Response (+ cookie)
• Client Request (+ cookie)

can't be avoided from any way

You can track if cookies are enable using some test request (ajax, image, etc)

For example you can use a simple 1px image or any logo image served from your php script and you can track if cookies are enabled or not.

So the flow is now:

• Client Request
• Server Response HTML (+ cookie)
• Client Request remote page resources (js, img, css) (+ cookie)
• Server Response with page resource requested

Something like

<?php 
    // domain.com/some.js
    if (isset($_COOKIE['test']))
         $_SESSION['cookies_enabled'] = true;

    echo <<JS
    <someJS code or nothing>
    JS;
 ?>

Answer 2

I looked into this a LOT a while ago and it seemed every way had its flaws. One thing I took into account as well was how the cookie check would work if the user were to update the page or go back to the page via the back button.

Apparently, for the server to see whether the client accepts cookies or not the client has to send an additional HTTP request after the server has attempted to set a cookie, in which the server looks for a cookie header indicating that the client accepts cookies (no header = cookies not accepted). This additional request can be a redirect to another page (see the usual method with a $_GET parameter acting as a flag saying if an attempt to set the cookie has taken place or not) but the important thing is really that it's just another HTTP request. What I ended up doing was wrapping my entire page in a HTML FRAMESET:

<?php
    setcookie('test', 1, time() + 3600);
    echo '<HTML>
        <HEAD>
            <TITLE>
            </TITLE>
        </HEAD>
        <frameset rows="100%" cols="100%">
            <frame src="next.php">
        </frameset>
    </HTML>';
?>

...then in the additional HTTP request for next.php I know that there will be a cookie header included in the request if the client has accepted cookies and therefore I don't have to use a $_GET parameter as a flag indicating this. Next.php thus looks like:

<?php
    if(count($_COOKIE) > 0){
        //Set some variable that indicates to the rest of the script that cookies 
        //are enabled.
    }
    else {
        //Set some variable indicating that cookies are disabled
    }
    //Output the rest of the script and HTML code to be displayed
?>

I thought about doing the same thing but sending the additional HTTP request from an IMG tag instead of a FRAMESET but I ran into trouble as to how I would indicate to the parent script via an image whether cookies were set or not and therefore I ended up doing it this way. The ONLY flaw I see in this method is that if the user right-clicks inside the frame and choose to update only the frame (not the entire page) then the frame will falsely claim that cookies are disabled but compared to the downsides of all the other ways, I thought that was acceptable.

EDIT: I should also add that I made a point out of doing this without Javascript as well.

Answer 3

I would use php.ini settings to find such things out. Maybe like this:

if (ini_get("session.use_cookies") == 1) {
  print "cookies enabled";
}

Answer 4

While you could just check if php has cookies enabled a very simple test would be to just set a cookie and then try to read it.

If you successful read it, it worked. This would also inform you if the client disallows cookies.