Solved

undefined index setting cookie

Posted on 2016-10-01
11
36 Views
Last Modified: 2016-10-02
If I check the "remember me" checkbox and login, the cookie is set as it should be. However, if I don't check it I get a "undefined index" error. I am not sure how to resolve this. The error is for the very first line with the if statement.

if($_POST['remember']=="on"){
						
						$cookie_name = 'userID';
						$value = $safe_userID;
						$expire = time() + 60*60*24*7; 
						$path = '/';
						$domain = NULL;
						$secure = FALSE;
						$httponly = TRUE; 

setcookie($cookie_name, $value, $expire, $path, $domain, $secure, $httponly);

Open in new window


P.S. I am not actually using the auto increment user id, I have another one stored in the database which is created with:

 return strtr(
        base64_encode(
            random_bytes(9)
        ),
        '+/',
        '-_'
    );

Open in new window

0
Comment
Question by:Black Sulfur
  • 6
  • 4
11 Comments
 

Author Comment

by:Black Sulfur
ID: 41824997
I also tried to set the cookie if on and set a session instead if cookie is off. I am still getting undefined index errors though.

      
if($_POST['remember'] === "on"){
						
						$cookie_name = 'userID';
						$value = $userID;
						$expire = time() + 60*60*24*7; 
						$path = '/';
						$domain = NULL;
						$secure = FALSE;
						$httponly = TRUE; 

setcookie($cookie_name, $value, $expire, $path, $domain, $secure, $httponly);
						
					}
							
					elseif($_POST['remember'] == ""){
						
							$_SESSION['userID'] = $userID;
					}	

Open in new window

0
 
LVL 21

Accepted Solution

by:
Kim Walker earned 400 total points
ID: 41825012
Try:
if(isset($_POST['remember']) && $_POST['remember'] === "on"){

Open in new window

If that doesn't work, you'll have to nest the second condition.
if(isset($_POST['remember']){
    if($_POST['remember'] === "on"){
        // process cookie
    }
}

Open in new window

0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41825069
I never heard of setting $domain = NULL;.  Cookies are available ONLY on a specified domain.  The simplest cookie must have name, value and expiration.  Then the domain is set to the current domain shown in the browser address bar.  If you include things after the domain, I'm pretty sure you have to specify the domain.  

It is always good to set the correct domain because you can only read the cookie from the correct domain.  This means that the cookie domain must match exactly the domain shown in the browser address bar.  A cookie set for 'www.mysite.com' will Not match 'mysite.com' unless you have used the ',' syntax for the domain when setting the cookie.  I had one situation where I had to try every variation of the domain name to get rid of an unwanted cookie.

http://php.net/manual/en/function.setcookie.php
0
 

Author Comment

by:Black Sulfur
ID: 41825143
@ Dave, setting the domain to NULL was actually an example from Ray Paseur which can be found here:

https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html



 // CONSTRUCT A "REMEMBER ME" COOKIE WITH THE UNIQUE USER KEY
    $cookie_name    = 'uuk';
    $cookie_value   = $uuk;
    $cookie_expires = time() + date('Z') + REMEMBER;
    $cookie_path    = '/';
    $cookie_domain  = NULL;
    $cookie_secure  = FALSE;
    $cookie_http    = TRUE; // HIDE COOKIE FROM JAVASCRIPT (PHP 5.2+)

Open in new window

0
 

Author Comment

by:Black Sulfur
ID: 41825148
Never mind, ignore the previous comment. I was doing something silly. I can login now if I check the checkbox, if I don't check the box then the page just refreshes. At least I don't get an error anymore so I must almost be there. But I think it is because if the remember me isn't checked, I need to set a session instead, otherwise it still won't work. I tried it but still no luck.

	if(isset($_POST['remember'])) {
						
							if($_POST['remember'] === "on"){
      
						
						$cookie_name = 'userID';
						$value = $userID;
						$expire = time() + 60*60*24*7; 
						$path = '/';
						$domain = NULL;
						$secure = FALSE;
						$httponly = TRUE; 

setcookie($cookie_name, $value, $expire, $path, $domain, $secure, $httponly);
								
								
						
					} elseif($_POST['remember'] !== "on") {
								
								$_SESSION['userID'] = $sessionID;
							}
					
				
					    }	
				

Open in new window


I have noticed though by changing the page redirect on the user area, that it redirects me straight away. So, it is logging me in but the session either isn't set or my condition on the user admin page is wrong?

session_start();
if(isset($_SESSION['userID']) || isset($_COOKIE['userID'])) {
	
	//stuff happens
	
} else {
	
	header("location:login.php");

}

Open in new window

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 41825157
While Ray and I agree on most things, this is not one of them.  I have never set the domain to NULL and I never will.  If there is any chance that your 'domain' that is entered in the browser is not always the same, then you are inviting failure with the proper recognition of the cookie.  For cookies, 'www.mysite.com' will Not match 'mysite.com'.

https://en.wikipedia.org/wiki/HTTP_cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
0
 

Author Comment

by:Black Sulfur
ID: 41825159
Hi Dave, makes sense. What should I set it to when using on localhost using mamp? My path looks like:

http://localhost:8888/mysite/auth/

Also, any idea why my session isn't setting if remember me box isn't checked?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41825170
You should not be using 'localhost' to start with.  Chrome won't set a cookie at all on 'localhost' and of course, you have no access from other computers.  I have 14 computers with web servers here and all of them use either their machine IP address or the machine 'hostname'.  The only use for 'localhost' is for functions / page that you do not want remote access to.  Still, things like cookies in Chrome simply aren't going to work.
0
 

Author Comment

by:Black Sulfur
ID: 41825192
I don't have a live web server at this point in time so I use MAMP for testing locally. I can successfully set the cookie and the login works as it should with the cookie set i.e.: Once logged in I close the browser and reopen, go back to the url and I remain logged in. I haven't created the logout code yet but if I clear the cache of the Chrome browser, close the browser down and try access the page, it takes me back to the login page. So, the cookie is working on my local machine.

But my session still isn't setting if I don't check remember me.
0
 

Author Comment

by:Black Sulfur
ID: 41825258
Okay, I think I figured it out using reverse logic:

      
				if(empty($_POST['remember'])) {
								
                                                               // Set session
								$_SESSION['sessionID'] = $userID;
						
					} elseif($_POST['remember'] == "on"){
								
                                               //Set cookie
						$cookie_name = 'userID';
						$value = $userID;
						$expire = time() + 60; 
						$path = '/';
						$domain = www.mysite.com;
						$secure = FALSE;
						$httponly = TRUE; 

setcookie($cookie_name, $value, $expire, $path, $domain, $secure, $httponly);

		}

Open in new window

0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 41825485
MAMP includes the Apache web server along with PHP and MySQL.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now