'A cookie is set but cannot be accessed with $_COOKIE; Rejected
I have a cookie set to record an admins location so if they session time out they can access the page they were last on upon re-login or if I send them a link they can log in and be redirected to the page I sent them instead of the dashboard. The cookie does appear to be present in the browser with a couple others I have set.
However when I check to see if the cookie exists with $_COOKIE["AdminPage"] it always comes up empty.
When I do a var_dump of the $_COOKIE array I get:
array (size=2)
'PHPSESSID' => string '4f7949bde665b3ceae66624b3ecb6afe' (length=32)
'Sirius' => string 'sY80fAjJm93OHtfj'... (length=1145)
There should be at least two more cookies in the var_dump. One named AdminPage and one named locked according to my console. My console is as below:
Console Cookies
---------------
Name | Value | Domain | Path | Expires | Size | HttpOnly | Secure | SameSite | Last Accessed |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
AdminPage | https%3A%2F%2Fdsm.example.ca%3A443%2Fsystem%2Fsettings%2Fsaved%2F | .example.ca | / | Tue, 19 Jan 2021 03:40:50 GMT | 78 | true | true | Lax | Sun, 20 Dec 2020... |
locked | 1 | dsm.example.ca | / | Session | 7 | false | false | Lax | Sun, 20 Dec 2020... |
PHPSESSID | 4f7949bde665b3ceae66624b3ecb6afe | .example.ca | / | Session | 41 | false | false | None | Sun, 20 Dec 2020... |
Sirius | LRF6aQDwY1kEVR9o5j6xubt4LFW09yZaNAzst5GhqpDvypriKlZ4agJTqnkF2 ... | .example.ca | / | Tue, 19 Jan 2021 03:40:50 GMT | 1151 | true | true | Lax | Sun, 20 Dec 2020... |
The AdminPage cookie is set via the code blow and all cookies are set in a similar matter, except the locked cookie which is set via JavaScript. (It is not too important if the locked cookie is available in PHP)
$arr_cookie_options = array (
'expires' => strtotime( '+30 days' ),
'path' => '/',
'domain' => '.'.$data["domain"], // leading dot for compatibility or use subdomain
'secure' => true, // or false
'httponly' => true, // or false
'samesite' => 'LAX' // None || Lax || Strict
);
setcookie("AdminPage",$this->currentPage(),$arr_cookie_options);
I also noticed in my console:
Cookie “locked” has been rejected because it is already expired.
Cookie “AdminPage” has been rejected because it is already expired.
If the rejection is why I cannot access those two in PHP then why are my cookies getting rejected? I set the Sirius cookie exactly the same as the AdminPage except for the name and value so why is it not being rejected?
I am using FireFox if that's making a difference and my hosting is shared so editing the .ini is out of the question should one feel it may be required.
Solution 1:[1]
I assume this is firefox.. There is a bug report open about the expired cookie message: https://bugzilla.mozilla.org/show_bug.cgi?id=1676651
Easies solution is to empty your cookie cache.. Or you can delete the old expired cookies as per: Cannot remove a cookie - Firefox rejecting cookies from the past
Solution 2:[2]
Got the same error. It was worth checking nginx/apache error logs.
It seems, when the cookie value is using a php function which itself emits an error, firefox logs this as 'already expired'.
In my case I was using the hash function incorrectly by mistake, and got this error.
See if $this->currentPage() is otherwise returning correctly.
Solution 3:[3]
I had the same problem, but I used the following command: header(), and setted the cookie here. I've done it according to this link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Ties Vandyke |
| Solution 2 | Ajay Singh |
| Solution 3 | Máté Menyhárt |