I'm probably doing something really stupid but I can't figure it out.

Code inside of main page

```html
<script>
var pass = prompt("Enter pass:");

$.post(
    "/php/sessions/set_session.php",
    { pass: pass },
    function(result) {
        if(result == "true")
        {
            window.location = "/Article_View/";
        }
        else
        {
            alert("Wrong password");
        }
    }
);
</script>
```

PHP Code

```php
<?php
if($_POST["pass"] == "password")
{
    //Vars for connecting to database.
    $hostname = "secret";
    $username = "secret";
    $dbname = "secret";

    //Login vars
    $password = "secret";
    $usertable = "secret";

    //Connecting to database
    mysql_connect($hostname, $username, $password) OR DIE ("Unable to connect to database! Please try again later.");
    mysql_select_db($dbname);

    //set IDstring cookie for this sesh
    $expire = time()+60*60*24;//24hr cookie
    $IDstring = rand_string(10);
    setcookie("IDstring", $IDstring, $expire);

    //save IDstring to SQL for comparison with the cookie
    $query = "UPDATE {$usertable} SET IDstring='{$IDstring}'";
    $result = mysql_query($query);

    echo "true";
}
else
    echo "false";

//IDstring gen
function rand_string( $length ) {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    $size = strlen( $chars );
    $str = ""; //initialise so that .= does not append to an undefined variable
    for( $i = 0; $i < $length; $i++ ) {
        $str .= $chars[ rand( 0, $size - 1 ) ];
    }

    return $str;
}
?>
```

I can see that it sets the IDstring in phpmyadmin, but the cookie isn't setting at all.

I'm using Chrome and cookies are enabled. It doesn't show up in resources and isset($_COOKIE["IDstring"]) returns false.

What am I doing wrong?

Thanks in advance.

Nikita240
  • *Obligatory:* The `mysql_*` functions are [deprecated in PHP 5.5](http://php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated). They are not recommended for writing new code as they will be removed in the future. Instead, use either [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) and [be a better PHP Developer](http://jason.pureconcepts.net/2012/08/better-php-developer/). – Jason McCreary Jul 16 '13 at 15:34
  • Out of interest, why are you storing IDstring to a cookie anyway when you can just add it to $_SESSION? – Anigel Jul 16 '13 at 15:37
  • Habit. Does the same thing anyway – Nikita240 Jul 16 '13 at 15:39
  • No it does NOT do the same thing, one stores potentially sensitive data on the client where it can be copied, seen and altered, the other stores it securely on the server. – Anigel Jul 16 '13 at 15:41
  • Why are you building your own session identifier? Standard PHP sessions not good enough for some reason? They'll take care of the random string generation, cookie setting, etc... for you. – Marc B Jul 16 '13 at 15:43
  • You set IDstring and look for ID_string. You really are better off just using standard PHP sessions as your random id generation is not robust and makes no attempt to ensure it is unique. – Anigel Jul 16 '13 at 15:51
  • You're right, but it will still use the same cookies, so I don't see why this shouldn't work. And the ID_string I just copied over wrong. It's actually IDstring in my code. – Nikita240 Jul 16 '13 at 15:54
  • You should set the cookie path. Check out this post. http://stackoverflow.com/questions/5636506/php-setcookie-not-working-with-ajax-call. – gywbd Jul 16 '13 at 15:59

2 Answers

It is just a guess, but try adding "/" as a 4th param in your setcookie:

```php
setcookie("IDstring", $IDstring, $expire, "/");
```

lePunk
  • Also try adding this: `error_reporting(E_ALL); ini_set("display_errors","On");` Sometimes my editor adds a BOM character at the top of the file, and since it's sending out the header the cookie is never set. – lePunk Jul 16 '13 at 15:55
  • For the reason WHY this works, see gywbd's link above: http://stackoverflow.com/questions/5636506/php-setcookie-not-working-with-ajax-call It has to do with path issues, which I didn't even know were a thing with cookies! – DOOManiac Oct 20 '14 at 15:46
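
Why the path argument matters, as an added example that is not part of the original thread: when a Set-Cookie header carries no Path attribute, browsers derive one from the URL that set the cookie (RFC 6265 section 5.1.4), so a cookie set by /php/sessions/set_session.php is scoped to /php/sessions and is not sent with requests for /Article_View/. The sketch implements the RFC's default-path and path-match rules; the function names and the two extra reader URLs are assumptions made for illustration.

```javascript
// Added example: RFC 6265 section 5.1.4 cookie path rules (not code from the thread).

// Path a browser assigns when Set-Cookie has no usable Path attribute:
// the request path up to, but not including, its right-most "/".
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// True when a request for requestPath would carry a cookie scoped to cookiePath.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so "/php/sessions" does not
  // cover "/php/sessions_old/x.php".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// setterPath: URL path of the response that sent Set-Cookie.
// pathAttr:   the Path attribute value, or undefined when it was omitted.
// readerPath: URL path of a later request.
function cookieSent(setterPath, pathAttr, readerPath) {
  const usable = typeof pathAttr === "string" && pathAttr[0] === "/";
  const cookiePath = usable ? pathAttr : defaultPath(setterPath);
  return { cookiePath, sent: pathMatches(readerPath, cookiePath) };
}

const SETTER = "/php/sessions/set_session.php"; // URL from the question
const cases = [
  [undefined, "/Article_View/"],           // question's setcookie(): no path given
  [undefined, "/php/sessions/check.php"],  // hypothetical sibling script
  [undefined, "/php/sessions_old/x.php"],  // hypothetical: prefix without a boundary
  ["/", "/Article_View/"],                 // answer's fix: 4th argument "/"
];
for (const [attr, reader] of cases) {
  const { cookiePath, sent } = cookieSent(SETTER, attr, reader);
  console.log(`Path=${attr ?? "(omitted)"} -> scope ${cookiePath}; ${reader}: ${sent ? "sent" : "not sent"}`);
}
```

Path only decides which requests carry the cookie; it is not an isolation boundary between applications on the same host, so a cookie holding a session identifier still needs the HttpOnly and Secure flags.
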
Add:

```php
<?php
session_start();
// ...
?>
```

d.danailov