A cookie is set but cannot be accessed with $_COOKIE; Rejected

Question

I have a cookie set to record an admins location so if they session time out they can access the page they were last on upon re-login or if I send them a link they can log in and be redirected to the page I sent them instead of the dashboard. The cookie does appear to be present in the browser with a couple others I have set.

However when I check to see if the cookie exists with $_COOKIE["AdminPage"] it always comes up empty.

When I do a var_dump of the $_COOKIE array I get:

array (size=2)
  'PHPSESSID' => string '4f7949bde665b3ceae66624b3ecb6afe' (length=32)
  'Sirius' => string 'sY80fAjJm93OHtfj'... (length=1145)

There should be at least two more cookies in the var_dump. One named AdminPage and one named locked according to my console. My console is as below:

Console Cookies
---------------
Name        |   Value                                                               |   Domain       |  Path        |   Expires                         |   Size    | HttpOnly      |   Secure      |   SameSite    |   Last Accessed       |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
AdminPage   |   https%3A%2F%2Fdsm.example.ca%3A443%2Fsystem%2Fsettings%2Fsaved%2F   |   .example.ca  |  /           |   Tue, 19 Jan 2021 03:40:50 GMT   |   78      | true          |   true        |   Lax         |   Sun, 20 Dec 2020... |
locked      |   1                                                                   | dsm.example.ca |  /           |   Session                         |   7       | false         |   false       |   Lax         |   Sun, 20 Dec 2020... |
PHPSESSID   |   4f7949bde665b3ceae66624b3ecb6afe                                    |   .example.ca  |  /           |   Session                         |   41      | false         |   false       |   None        |   Sun, 20 Dec 2020... |
Sirius      |   LRF6aQDwY1kEVR9o5j6xubt4LFW09yZaNAzst5GhqpDvypriKlZ4agJTqnkF2 ...   |   .example.ca  |  /           |   Tue, 19 Jan 2021 03:40:50 GMT   |   1151    | true          |   true        |   Lax         |   Sun, 20 Dec 2020... |

The AdminPage cookie is set via the code blow and all cookies are set in a similar matter, except the locked cookie which is set via JavaScript. (It is not too important if the locked cookie is available in PHP)

$arr_cookie_options = array (
            'expires' => strtotime( '+30 days' ),
            'path' => '/',
            'domain' => '.'.$data["domain"], // leading dot for compatibility or use subdomain
            'secure' => true,     // or false
            'httponly' => true,    // or false
            'samesite' => 'LAX' // None || Lax  || Strict
        );
setcookie("AdminPage",$this->currentPage(),$arr_cookie_options);

I also noticed in my console:

Cookie “locked” has been rejected because it is already expired.
Cookie “AdminPage” has been rejected because it is already expired.

If the rejection is why I cannot access those two in PHP then why are my cookies getting rejected? I set the Sirius cookie exactly the same as the AdminPage except for the name and value so why is it not being rejected? I am using FireFox if that's making a difference and my hosting is shared so editing the .ini is out of the question should one feel it may be required.

Just a thought... You may want to use an approach that takes that into account that browsers are multi-tabbed, such as storing current tab's location as URL parameter when redirecting to login page and thing issuing a redirection to the original location. — Álvaro González, Dec 20 '20 at 11:15

score 0 · Answer 1 · answered Dec 20 '20 at 06:36

0

I assume this is firefox.. There is a bug report open about the expired cookie message: https://bugzilla.mozilla.org/show_bug.cgi?id=1676651

Easies solution is to empty your cookie cache.. Or you can delete the old expired cookies as per: Cannot remove a cookie - Firefox rejecting cookies from the past

answered Dec 20 '20 at 06:36

Ties Vandyke

154
1
8

This doesn't help accesing the cookie via `$_COOKIE` in PHP. I tried emptying the cookies, my script resets them (as they were before) and still doesn't find `AdminPage` work. – Dawson Irvine Dec 20 '20 at 06:50
If its firefox empty the cookie cache of firefox, not resetting the $_COOKIE var – Ties Vandyke Dec 20 '20 at 06:52
That is what I did in FireFox. – Dawson Irvine Dec 20 '20 at 07:26

score 0 · Answer 2 · answered Apr 16 '21 at 07:05

Got the same error. It was worth checking nginx/apache error logs.

It seems, when the cookie value is using a php function which itself emits an error, firefox logs this as 'already expired'.

In my case I was using the hash function incorrectly by mistake, and got this error.

See if $this->currentPage() is otherwise returning correctly.

score 0 · Answer 3 · answered Apr 15 '22 at 15:42

0

I had the same problem, but I used the following command: header(), and setted the cookie here. I've done it according to this link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

answered Apr 15 '22 at 15:42

Máté Menyhárt

3
3

1

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/31546024) – Kent Kostelac Apr 21 '22 at 09:47

A cookie is set but cannot be accessed with $_COOKIE; Rejected

3 Answers3