I opened up the cookie helper and noticed 2 weird things going within the set_cookie() function.

Starting on line 61:

What exactly is this doing? Nothing? Shouldn’t it be:

Notice that the values are now being set so they can be used in the setcookie() function below. Also ... the last if statement was using if ($prefix ==). Shouldn’t that be $path.

This does look wrong.
I never noticed before because I either use setcookie, or explicitly set discrete parameters with set_cookie()

Will bash it about a bit, but your change looks good.

I’m just bumping this!
This bug can be replicated / demonstrated as follows:

With a vanilla CI 1.5.3 installation:
Config change:

In a controller, set the cookie, using default values for: prefix, domain, path

Result: A cookie is set called “cookiejar”, BUG, It should pick up the config and call it “my_cookiejar”.

Fix: As per the code above in ksheurs original post.

ksheurs, thanks for your contribution.

Oscar,  Have you tested this?

If I can get 1 more person to confirm that they implemented the patch and it works, I’ll add it in.

Yup, I have tested it. It works, (With one reservation)

If the patch is applied, and your default cookie config is as follows:

Then in a controller you want to set a cookie called “her_cookiejar”. So you

Result: A Cookie called “her_cookiejar” is set as expected

Now, you want to set a cookie with the name “cookiejar”, so you

Result: A Cookie called “his_cookiejar” is set somewhat unexpectedly
I say “somewhat”, because, If you don’t supply a parameter, the function must get the default from the config, so this is correct.
But you might really expect it to use the parameter, ‘’ that was specified.

I’m not sure now, what people regard as “expected” in this case.

OK, I guess we should also modify the get_cookie function as well.

Oscar,ksheurs and anyone else (coolfactor?) could you test this out just for completeness, and I’ll commit.

Has my vote.

Derek, it’s not just the prefix, but also the domain and path defaults which are affected. (Sorry, I should have made that clear)

This is working for me (with no unexpected behaviours)
Change line 45 in cookie_helper from:

TO :

Change lines 58 - 72 from :

TO:

This ensures that the function will behave correctly when you pass a parameter like “prefix=’’”

I don’t believe the get_cookie() needs to change really. If we do, then the same thing applies:
Eg. If you have a default like “prefix=‘her_’, but you want to get a cookie called “cookiejar”, you
will have to pass a $prefix of ‘’, which will just get you the default “her_”.
This should work: (I’d prefer not to change the get_cookie tho)

It would be good if a couple of people could also test drive all this, my tests were ok.

I support Oscar’s use of NULL, as it means “no value”, which is exactly what is being tested for.

good call oscar.

I’ll put this into practice shortly, but as you said, the more to test drive it, the faster it makes it into the codebase.

Hi!

I would also like to point out this block of code in set_cookie.

I believe 86500 should be added to time() and not subtracted.

Other than that, the revised code is working properly on my side.

No, wabautista, it should be subtracted.

The documentation says that if you pass set_cookie() no expiration, the cookie will be deleted.  So if the expire value is not numeric, the 86500 gets subtracted, which sets the cookies expiration into the past, causing the browser to delete it.

As for the rest of the stuff mentioned in this thread…has it been committed to SVN for the next release?

Thanks,
Jim

JAAulde, if that is the case, then the documentation is incorrect when it says that “Only the name and value are required.”.

I tried only the name and value in set_cookie() and it did not work because of that.  So either the documentation is incorrect or the code is.

wabautista - 27 April 2007 10:14 AM

So either the documentation is incorrect or the code is.

I think there are problems with both the code and the documentation.  Their is definitely a disagreement between them, and worse I think their are some minor issues in the code which don’t line up with fundamental cookie concepts.

I am working on a replacement cookie helper which I will definitely be using and will be posting to this board for others if they want it.  I learned a lot about cookie practices when I wrote my JavaScript Cookie Handling Library.

I’m having a look at this.
(Derek, do you feel comfortable with committing two changes, or prefer one at
a time? The helper should allow a secure parameter, as pointed out by Jim)
I guess I’m saying I would be prepared to make the (extra) change and test and whathaveyou…

The code and the docs are not One (how very unzen) To delete a cookie, you need to set it with exactly
the same parameters it was set with, excepting, value must be an empty string (Signals, delete this cookie),
and expiry can be a date in the past (Signals to browser, delete this cookie now!)

I have a complete replacement to cookie helper now.  Some of the arguments have changed a bit and the secure flag is in place.

First, my config area for cookies:

Now the new helper and user guide page:
http://www.jaaulde.com/test_bed/CodeIgniter/modCookieHelper/