setcookie to an empty value not working

Question

i have this code im trying to do for a type of cache system so it remembers the city the user has selected. if the user has selected a city it stores it in sessions and cookies, and will automatically redirect them to the city page if they've selected it before.

sessions work fine, but it doesn't seem to be setting the cookie to an empty value if the $_GET['city'] variable is empty...

heres my code:

function gen_url ($city)
{
    $url = 'http://www.mysite.com';

    if (!empty($city)) $url .= "/c-$city";

    return $url;
}

function set_cache ($variable, $value)
{
    $_SESSION[$variable] = $value;
    setcookie($variable, $value, time() + 31536000);
}

$redirect = false;
$redirect_array['city'] = '';

if (!empty($_GET['city']))
{
    $sql = mysql_query("select * from `cities` where `slug`='".mysql_real_escape_string($_GET['city'])."'");

    if (mysql_num_rows($sql) != 0)
    {
        while ($row = mysql_fetch_assoc($sql))
        {
            foreach ($row as $k => $v)
                $city[$k] = $v;
        }

        $redirect_array['city'] = $city['slug'];
    }
    else
    {
        $redirect = true;
    }
}   

if ($redirect)
{
    header('Location: '.gen_url($redirect_array['city']);
    die();
}

set_cache('city', $redirect_array['city']);

score 7 · Accepted Answer · answered Jan 08 '12 at 05:32

7

You can't set a cookie with an empty string as it will delete the cookie.

From the docs:

If the value argument is an empty string, or FALSE, and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client.

answered Jan 08 '12 at 05:32

Rich Adams

26,096
4
39
62

Thank you for your answer. It is not correct in *every* version of PHP (see 5.6.10) as I found and reported here: http://stackoverflow.com/q/37464332/469643. In some versions, setting a blank value **will succeed** and the documentation does not make it clear what *should* happen if **no previous call** has been made. My question still needs an answer if you have any deeper insights – veeTrain Jun 06 '16 at 13:48

score 2 · Answer 2 · edited Apr 05 '23 at 20:45

2

You can set the cookie to an empty value by using a null byte as the value, like this:

setrawcookie('testEmptyCookie', "\x00", time() + 3600, '/');

(tried on php 5.6 and 7.2).

edited Apr 05 '23 at 20:45

ruakh

175,680
26
273
307

answered Jan 10 '19 at 17:59

yaron

41
5

score 2 · Answer 3 · answered Feb 27 '19 at 20:55

PHP's setcookie() doesn't allow you to set cookies with empty values. But you can do that with header()

replace:

setcookie($variable, $value, time() + 31536000);

with:

header('set-cookie: '.rawurlencode($variable).'='.rawurlencode($value).'; max-age=31536000', false);

score 2 · Answer 4 · answered Jan 08 '12 at 06:10

2

You can't set a cookie to most falsy values to indicate falseness of a trit cookie. Only '0' will work. Use that.

answered Jan 08 '12 at 06:10

Explosion Pills

188,624
52
326
405

score 0 · Answer 5 · answered Jan 08 '12 at 05:30

0

Make sure to set your cookie with a negative time:

setcookie($variable, '', -1);

answered Jan 08 '12 at 05:30

davidethell

11,708
6
43
63

setcookie to an empty value not working

5 Answers5

Linked