0

We have a webshop. We use a cookie that stores the order ID of every single order/user. All of the items in the basket and the user's address info are related to that ID. The cookie is only meant to be changed when an order is complete or if its value is empty. We check the cookie with the server on each page load and only change it when conditions above are met.

A few months ago, we discovered that in some cases, the browser can keep multiple versions of that cookie value, and "switch" between those values randomly on page load. Moreover, the value is not overwritten - if the browser switches from value A to value B, a few page loads later it can load value A again. The browser can hold up to 5 (possibly more) values for a single cookie, and it keeps changing them randomly as the user navigates our webshop. It is very problematic since once the cookie value is changed - the basket contents changes with it. We experienced this problem primarily in Google Chrome and Internet Explorer. Trying to check the cookie value in the console shows only the value that is being used for the current page load.

We use the following function to set cookies:

function SetCookie(c_name, value, exdays){
  var expires = "";
  if(exdays)
  {
    var date = new Date();
    date.setTime(date.getTime() + (exdays*24*60*60*1000));
    expires = "; expires=" + date.toUTCString();
  }
  document.cookie = c_name + "=" + escape(value) + expires + "; path=/";
}

Whenever I read about cookies, everyone says that overwriting a cookie with the same name and path is supposed to destroy the previous value. So I tried to do the following when setting the order ID cookie (delete cookie before setting it):

SetCookie(name , "", -1); 
SetCookie(name , val, 14);

However, the problem still persists and the browser keeps randomly choosing the value on page load. What could be causing such behaviour? Is there any way to check the (shadow) values of the cookie that the browser is currently NOT using? Is there any way to check how many values for a specific cookie name and path the browser has stored?

EDIT: Our javascript order ID cookie setter function runs on page load. It is the only place we ever change the order ID cookie. Recently, we tested this behaviour with dev tools open and it showed interesting results. A simple page reload can change the cookie header of the request to a request containing a different cookie value, before our cookie setter function ever had a chance to run. We thought it could be a caching issue (request being cached and used later), but it seems this behaviour persists when we set up the server to return a no-cache and no-store response header.

DPH Trading Danish Plate House
  • 115
  • 1
  • 9
  • `What could be causing such behaviour?` My guess is that you are re-setting the cookie value on page load. What you are seeing should not be happening. – VLAZ Sep 22 '16 at 07:22
  • Re-setting the value would get a new Guid.NewGuid() in .NET from the server and return it as the new value. It is virtually impossible that the same value would be returned twice , or changing values like A->B->A. I agree that what we are seeing is, in theory, impossible. – DPH Trading Danish Plate House Sep 22 '16 at 07:26

1 Answers1

0

Look at the Nate answer to this question How to handle multiple cookies with the same name?

Hope it helps !!

PaulMest
  • 12,925
  • 7
  • 53
  • 50
neetesh
  • 186
  • 1
  • 7
  • He explains what happens when using different path/domain when setting the cookie. We always use the same "path=/" in our cookie setter function and we have no subdomains that could create a duplicate value when domain is not specified. – DPH Trading Danish Plate House Sep 22 '16 at 07:29