Can't retrieve cookie value in PHP

Question

I stuck this code at the top of my login page which should redirect the user back to the home page if they are already logged in, but it doesn't work, it simply does nothing, even though I know the cookies has been set. To be extra sure the cookie had been set I went into chrome settings and checked all the cookies that my website has stored and sure enough, my cookie was set there. I have no idea why this isn't working, it's probably just a silly little error I made, but I've been programming all night, and I figure a fresh set of eyes might spot something I might have missed.

Code:

<?php
    if(isset($_COOKIE['user'])){
        header("Location: index.php?content=home");
    }
?>

How the cookie is assigned:

<?php
$user = $_POST['user'];
$pass = $_POST['pass'];

$redir = $_GET['redir'];

include('con.php');

$query = mysql_query("SELECT * FROM users WHERE name='{$user}'");
$numrows = mysql_num_rows($query);
$array = mysql_fetch_array($query);

if($user==""||$pass==""){
    header('Location: ../login.php?error=Please fill out EVERYTHING&redir=' . $redir);
}

else if($numrows < 1){
    header('Location: ../login.php?error=User does not exist&redir=' . $redir);
}

else if($pass !=$array['pass']){
    header('Location: ../login.php?error=Invalid user/pass combo&redir=' . $redir);
}

else{
    setcookie("user", $array['ID']);
    header('Location: ../index.php?content=' . $redir);
}

?>

EDIT: Below is what i am getting when i print_r($_COOKIE)

Array
(
    [_okbk] => cd4=true,vi5=0,vi4=1381557924453,vi3=active,vi2=false,vi1=false,cd8=chat,cd6=0,cd5=away,cd3=false,cd2=0,cd1=0,
    [_ok] => 5197-288-10-3215
    [olfsk] => olfsk8855679365806282
    [wcsid] => aqVZBde4DlLmegpG5L3JS16nDXl0aIA9
    [hblid] => oBSPj2E8hdamA4nK5L3JS16nDXrqAaPK
    [_oklv] => 1381563654520,aqVZBde4DlLmegpG5L3JS16nDXl0aIA9
)

I assign the cookie with "setcookie('user', $array['ID'])" and after pasting the value of the cookie in that same chunk of code I know I set it right, it just isn't able to be accessed from other pages for some reason — Jordan LaPrise, Oct 12 '13 at 07:49
so there is no cookie with the index hello so you need to assign first to use — NullPoiиteя, Oct 12 '13 at 07:52
I did assign the cookie, and when I look through the list of stored cookies in google chrome it's there, the page just isn't seeing it for some odd reason. — Jordan LaPrise, Oct 12 '13 at 07:54
Check my edited question, I assign the cookies in the bottom "else" of the code block I added — Jordan LaPrise, Oct 12 '13 at 08:01
And yes it is going to the else block to my knowledge ganeshrj, because the cookie is set when I look in the chrome settings, and it is redirecting me to the page I came from after I log in. — Jordan LaPrise, Oct 12 '13 at 08:02
Try Changing the cookie name to user_name or something else. The post variable and cookie have the same name.. — Ganesh RJ, Oct 12 '13 at 08:03
and your code is vulnerable to sql injection also you are using obsolete mysqli_* api check http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php/14110189#14110189 — NullPoiиteя, Oct 12 '13 at 08:06
I know my code is vulnerable, it is not done, I am focusing on getting my code functional before adding security measures. And ganeshrj, that made no difference, thanks for the idea though. — Jordan LaPrise, Oct 12 '13 at 08:09
Is the 1st block of code in the same page as the cookie setting code? — Ganesh RJ, Oct 12 '13 at 08:13
No, that block of code is just on the login form page, the actual login code is in a different script — Jordan LaPrise, Oct 12 '13 at 08:15

score 2 · Accepted Answer · answered Oct 12 '13 at 08:17

2

You are setting cookie for 0 seconds like setcookie("user", $array['ID']);. 3rd parameter in setcookie is $expire and by default it is =0.

setcookie("user", $array['ID'], 3600, '/'); # set cookie for 1 hour and for whole domain

answered Oct 12 '13 at 08:17

Glavić

42,781
13
77
107

I think this may be the problem, but is there any way to make it never expire? – Jordan LaPrise Oct 12 '13 at 08:21
No. You can just use a far future date. http://stackoverflow.com/questions/3290424/set-a-cookie-to-never-expire – Glavić Oct 12 '13 at 08:22
So there's no way to keep the cookie until I manually delete it? – Jordan LaPrise Oct 12 '13 at 08:24
No. You can set it far in the future, or re-set it on intervals. – Glavić Oct 12 '13 at 08:26
I'm pretty sure it was the domain setting that worked, because when I looked up cookies in my browser I had cookies stored for mydomain.com and www.mydomain.com – Jordan LaPrise Oct 12 '13 at 08:33
The cookie persists till the session expires . I think the problem was due to the path . I think you were setting the cookie in one path and accessing at a different path . However your problem is solved with Glavic's answer which I think addressed path issue . – Uours Oct 12 '13 at 08:33
@Uours: I kinda predicted that after he will save timeout issue, that he will come back with question, why must he set cookie for every path/subfolder ;) – Glavić Oct 12 '13 at 08:36

Can't retrieve cookie value in PHP

1 Answers1