loosing cookie values in new pages

**Bradley Holt** · Sep 14 '05, 01:05 PM

Re: loosing cookie values in new pages

First, are you only storing user_id in cookies? This sounds like a
security problem. I'm guessing your user_ids are sequential and thus
easily guessed. Someone could easily create a fake cookie with a
guessed user_id and now have access to your system. You'll want to
create some sort of randomly generated md5 hash which is a lot harder
to guess (almost impossible). Or, you could just use PHPs built in
session handling which does this for you automatically.

Does this problem only happen on specific computers and not on others?
If so, it sounds like the security settings of the web browsers on
those computers are not allowing cookies.

--
Bradley Holt <bradley.holt@g mail.com>

404 Not Found

http://www.gtalkprofile.com/profile/2.html

**rushik** · Sep 14 '05, 01:45 PM

Re: loosing cookie values in new pages

Hello,

We have created cookies user_id by using our algorithm, thus that will
not be the problem. The problem is occurring in the particular
machines, but the main problem is;
at the first level link pages we are able to retreive cookie
information but at the second level pages in the same domain cookies
are not accessible.

Actually if the cookies are blocked at browser level then at the first
level link we should not get the cookies. Right?

Thanks.
Rushik.

**tj_kohler** · Sep 14 '05, 06:45 PM

Re: loosing cookie values in new pages

IE6 needs a P3P policy for cookies to work properly:

<?php
header('P3P: CP="CAO PSA OUR"');
?>

Without this header in IE6, cookies will be lost as you described above.

**rushik** · Sep 15 '05, 04:45 AM

Re: loosing cookie values in new pages

Thanks all for replying quickly, but the problem is not frequent,
sometimes it occurs on some machines sometimes not, can you tell me how
to regenerate the cookie problem?

Thanks
Rushik

**Alex P** · Sep 20 '05, 02:15 PM

Re: loosing cookie values in new pages

Hello,

we are experiencing the identical problem with an open source
application we have running, but this header did not fix the problem
for us. Does anyone know of a good resource on P3P headers?

**tj_kohler** · Sep 22 '05, 08:45 AM

Re: loosing cookie values in new pages

Alex P wrote:
[color=blue]
> we are experiencing the identical problem with
> an open source application we have running, but
> this header did not fix the problem for us. Does
> anyone know of a good resource on P3P headers?[/color]

The official site for the P3P specification is:

The Platform for Privacy Preferences 1.0 (P3P1.0) Specification

http://www.w3.org/TR/P3P/

A free P3P editor: http://www.alphaworks.ibm.com/tech/p3peditor

A free compact policy generator:

http://www.privacycouncil.com/freep3pfix.php

There are other quirks which can cause cookies to be lost also.

**Alex P** · Sep 26 '05, 07:55 PM

Re: loosing cookie values in new pages

What are other possible option? We basically have a user go through a
dozen or more page views and suddently loose their id cookie.

**rushik** · Sep 28 '05, 12:25 PM

Re: loosing cookie values in new pages

Hello,

The above described cookie problem is creating problem for our system.
I want the optional solution for the cookie. In short i want to use
some variables which i can access in all the pages globally just like
cookies.

Is there any other solution ?? I can explain my exact requirement also
if required.

Thanks
Rushik.

loosing cookie values in new pages

loosing cookie values in new pages

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment