Solved

Cookies with IIS

Posted on 2004-09-03
14
651 Views
Last Modified: 2013-12-13
Does anybody knows how to make cookies work with IIS.

I have login authentication that calls a php script and it is redirect to another page.

But when it is redirect it says that the cookies is not present. The cookies is not being passed for some reason.

I believe it is IIS problem.

Does anybody know how to fix it?

thanks
0
Comment
Question by:mdiez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 6

Expert Comment

by:CosminB
ID: 11979217
haven't heard of cookie problems with IIS till now. Are you sure it's not your browser. Try a different browser and see what happens.
Also chekc your code or post it here
0
 
LVL 26

Expert Comment

by:Umesh
ID: 11983639
Hi,

Check out this solution by...Diablo84

Add the following to the top of your script to display all errors that are generated while processing your script.

<?php

ini_set("error_reporting","E_ALL & ~E_NOTICE");

?>

or check this ..

http://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Windows/Q_21109968.html

Hope this helps!
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 11987583
Is the redirected site in the same domain as the initial cookie?

Have you included a path in the cookie which the redirected site is not part of?

Normally, I want my cookies for the entire site. Some people use cookies for just part of a site (i.e. members areas or catalogue).

What code are you using to set the cookie?
What is the full url of the page setting the cookie?
What is the full url of the page checking the cookie?

Richard.
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 1

Expert Comment

by:Buz
ID: 11989577
Which method is used to set the cookie?
It will help if you'll post the cookie setup code here.
0
 

Author Comment

by:mdiez
ID: 11991851
Here is my authentication script:

<?php
      ob_start();
      require_once("dbconnection.php");
      
      error_reporting(0);
      $user      = $_POST['username'];
      $pass      = $_POST['password'];
      error_reporting(1);

    $sql = "SELECT * FROM users WHERE username = '$user'";
       
      // execute the sql statement
      $result = mysql_query($sql, $conn) or die(mysql_error());
      $numrows = mysql_num_rows($result);
        
      if($numrows == 0)
      {
            throwError();
      }
      else
      {
            $newArray = mysql_fetch_array($result);
            
            if($newArray['password'] != $pass)
                  throwError();
            else
                  goSuccess($user, $newArray['level'], $newArray['firstname']);
      }
      //====================
      function goSuccess($user, $level, $firstname)
      {
    setcookie('user', $user, time() + 36000, '/');
    setcookie('level', $level, time() + 36000, '/');
    setcookie('name', $firstname, time() + 36000, '/');
    header("Location: ../../../menu.php");
      }
   
      //====================
      function throwError()
      {
            $msg = urlencode("Please Try Again!");
            header("Location: ../../../index.php?action=staff&msg=$msg");
      }
?>


thansk for the help.
0
 
LVL 40

Accepted Solution

by:
Richard Quadling earned 250 total points
ID: 11994284
I would add an

ob_end_flush();

at the end of the script, just to make sure everything is being sent.

In the script where you want to see what is in the cookie, take a look at $_COOKIE.

You may NOT get a cookie back if the user has disabled cookies.

Do not rely on them as always being right.

Richard.
0
 
LVL 1

Assisted Solution

by:Buz
Buz earned 250 total points
ID: 11994328
My guess is that there is somthing wrong with setcookie.
Try to replace this code:
  setcookie('user', $user, time() + 36000, '/');
  setcookie('level', $level, time() + 36000, '/');
  setcookie('name', $firstname, time() + 36000, '/');
with this:
  $exp = strftime("%A, %d-%b-%Y %H:%M:%S", time()+36000);
  $cookiestr = sprintf ("%s=%s; expires=%s;", "user", $user, $exp);
  header ("Set-Cookie: $cookiestr");
  $cookiestr = sprintf ("%s=%s; expires=%s;", "level", $level, $exp);
  header ("Set-Cookie: $cookiestr");
  $cookiestr = sprintf ("%s=%s; expires=%s;", "name", $firstname, $exp);
  header ("Set-Cookie: $cookiestr");
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 11994369
You can check the output using telnet or some other app that will allow you to see the headers.

Or you can use PHP ...

<?php

$fp = fopen('http://www.yoursite.com/yourpage.php','rt');
$aMeta = stream_get_meta_data($fp);
print_r($aMeta);
echo $http_response_header; // This is a new one on me and is in the PHP Manual.

?>

Richard.
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 11994408
Don't need the echo line as the data in it is in the $aMeta array already.

<?php

$fp = fopen('http://dev.bandvulc','rt');
$aMeta = stream_get_meta_data($fp);
print_r($aMeta);

?>

You will then see any cookies being sent to you.

Also, try checking the return value of setcookie(). It should be true. If it is not, it did not manage to add the cookie. I would also recommend ALWAYS have

error_reporting(E_ALL);

whilst working and then make sure ALL warnings,errors and notices are coded out. A notice today may become a warning tomorrow which could become an error a LOT sooner!

Richard.
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 12297728
I think that a lot of points have been raised to help in answering this as well as code to track the cookies he is having an issue with.

Split.
0
 
LVL 1

Expert Comment

by:Buz
ID: 12390545
Sounds fair to me.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question