</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">Originally posted by Brett Harris:
I was not trying to insult your intelligence, but that article covers firewalls, clock time & a variety of other issues related to cookies.</font><hr /></blockquote><font size="" face="">Unfortunately, it's got nothing to do with his problem. It's the release of PHP he's running... I just walked through the same problem, and all the "it's IE 6" misdirections here didn't help me find it. See the
setcookie() only sets last call bug report.
In short, since there are all these calls:
<pre>
setcookie("w3t_myid","$Uid",time()+$config['cookieexp'],"{$config['cookiepath']}");
if ( ($rememberme) || ($w3t_key) ) {
setcookie("w3t_key","$autolog",time()+$config['cookieexp'],"{$config['cookiepath']}");
}
setcookie("w3t_mysess","$newsessionid","0","{$config['cookiepath']}");
setcookie("w3t_language","$ubbt_language",time()+$config['cookieexp'],"{$config['cookiepath']}");
setcookie("ubbt_pass","",time()-3600,"{$config['cookiepath']}");
setcookie("ubbt_dob","",time()-3600,"{$config['cookiepath']}");
</pre>
in the do_login() method of main.inc.php, it's only the last <pre>setcookie()</pre> call that gets executed. Since it's a cookie delete, no cookies are every being ATTEMPTED for IE or some mysterious firewall to muck with.
If you care to prove this to yourself, get on this setup:
</font>
- <font size="" face="">PHP Version: 4.2.2-dev</font></li>
- <font size="" face="">Apache Version: 2.0.39</font></li>
<font size="" face="">
Then run this as cookietest.php (load, then refresh, then view source):
<pre>
<?
if (is_array($HTTP_COOKIE_VARS)) {
while(list($key,$value) = each($HTTP_COOKIE_VARS)) {
echo "<!-- Debug-Cookie-Vars-{$key}: <$value> -->\r\n";
}
}
setcookie("marc","was",time()+3600,"/");
setcookie("brooks","here",time()+3600,"/");
?>
</pre>
You'll quickly realize that only the LAST cookie gets set.
If you're wondering about him using the PHP 4.2.2-dev, that's almost necessary, since the 4.2.1-stable module will not load under Apache 2.0.39; which is the first to fix the post-chunking-exploit in the 2.x source tree.
Hope this helps people not waste the time
I wasted because I believed it was somehow my fault...
Marc