PHP - setcookie(); not working

Question

I've made a login, that sets a cookie with a value of the imputed email address, so in the global.php file, it stores an array of the users data using:

$email = $_COOKIE["PeopleHub"];
$getuserdata = mysqli_query($con, "SELECT * FROM Earth WHERE email='$email'");
$userdata = mysqli_fetch_array($getuserdata, MYSQLI_ASSOC);

The cookie isn't being set, I know this because I made a test file:

echo $_COOKIE["PeopleHub"];

It just made a blank page.

The login code (where the cookie is set):

<?php 
include "global.php";    
?>
<h2>Login</h2>
<?php 
    echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. "; 
?>
<br>
<br>
<?php 
    if(isset($_POST["email"])){ 
        $email = $_POST["email"];
        $password = sha1($_POST["password"]);
        $check = mysqli_query($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
        $check = mysqli_num_rows($check);
        if($check == 1){
        setcookie("PeopleHub", $email, 0, '/');
        echo "We logged you in!";
        }
        else { 
            echo "We couldn't log you in!";
        }
    }
?>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    Email <input name="email" placeholder="Email Address" required="" type="text"><br>
    Password <input name="password" placeholder="Password" required="" type="password"><br>
    <input type="reset" value="Start Over">
    <input type="submit" value="Login">
</form>

Answer 1

You have to set cookies before any headers are sent out.

From the manual :

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

This means you will need to look into output buffering if you wish to use this code as is.

<?php

ob_start();
echo "Hello\n";

setcookie("cookiename", "cookiedata");

ob_end_flush();

?>

Depending on the contents of global.php , this might work for you. All I did was remove any output before setcookie() is called. If global.php contains any whitespace or HTML output in it this won't work:

<?php 
include "global.php";    

    if(isset($_POST["email"])){ 
        $email = $_POST["email"];
        $password = sha1($_POST["password"]);
        $check = mysqli_query($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
        $check = mysqli_num_rows($check);
        if($check == 1){
        setcookie("PeopleHub", $email, 0, '/');
        echo "We logged you in!";
        }
        else { 
            echo "We couldn't log you in!";
        }
    }
?>
<h2>Login</h2>
<?php 
    echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. "; 
?>
<br>
<br>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    Email <input name="email" placeholder="Email Address" required="" type="text"><br>
    Password <input name="password" placeholder="Password" required="" type="password"><br>
    <input type="reset" value="Start Over">
    <input type="submit" value="Login">
</form>

Answer 2

Just wanted to point out, I had an issue with setcookie not working. When I investigated the file further it was encoded as UTF-8 with BOM. When I re-encoded it as UTF-8 without BOM setcookie worked fine, so the BOM was being written before my first php tag was encountered. I guess enabling buffering in my php.ini file probably would fix this too.

Someone may eventually find this information helpful.

Answer 3

I had another problem with cookie update using setcookie function.

So I've set cookie string made from array using php serialize function. From now on I was not able to update that cookie - setcookie function was simply not working, wheather is was setting serialized string or any other simple string.

Then I've set another cookie with new cookie key, this time data was encoded with json_encode function. This time I was able to set the cookie and update it :-)

Answer 4

我遇到了同样的问题，原来是由于我要传递给函数的域具有自定义端口（不允许）引起的。

Answer 5

Just wanted to add that setcookie was not working for me when the user utilized my website with an url like this: https://mywebsite89898989.com . But when the website url was changed to https://www.mywebsite89898989.com setcookie worked correctly.

I am about as far from an expert as one can be so perhaps someone more knowledgeable can explain this behavior.

I just note this information to hopefully save someone some time debugging...

Answer 6

Mine was a slightly more exotic case: turns out my ad blocker (I use 1Blocker) kills cookies with certain names. In my case it was a cookie name ending with _login . I changed the name and it started working.