php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #24855 setcookie() doesn't work with header() function
Submitted: 2003-07-29 10:17 UTC Modified: 2003-07-29 10:56 UTC
From: tomasz at biznespolska dot pl Assigned:
Status: Not a bug Package: IIS related
PHP Version: 4.3.2 OS: Windows NT 4.0
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tomasz at biznespolska dot pl
New email:
PHP Version: OS:

 

 [2003-07-29 10:17 UTC] tomasz at biznespolska dot pl 
Description:
------------
I'm using Windows NT4 with IIS4.0.
I have found that function setcookie() doesn't work (doesn't send cookie) , when header() function is called, somewhere after.

When I comment line with header() then it sends cookie to browser, but I'm not able to redirect user to another page. 

I know, I can use <meta http-equiv="refresh" content="0; url=index.php"> but this is not best soultion.

System  Windows NT WWW 4.0 build 1381  
Build Date  May 28 2003 15:06:05  
Server API  CGI/FastCGI  
Virtual Directory Support  enabled  
Configuration File (php.ini) Path  C:\WINNT40\php.ini  
PHP API  20020918  
PHP Extension  20020429  
Zend Extension  20021010  
Debug Build  no  
Thread Safety  enabled  
Registered PHP Streams  php, http, ftp, compress.zlib  


Reproduce code:
---------------
setcookie('BPKEY', "blah=blah", time()+$_CFG['cookie_lifetime'], '/', 'biznespolska.pl');
header( 'Location: index.php' );

Expected result:
----------------
It should set cookie named BPKEY, and redirect to page index.php

Actual result:
--------------
Only redirects to page index.php

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-07-29 10:54 UTC] sniper@php.net 
Try this with Apache 1.3.28. And redirecting with 'Location:' needs full URL, not just the filename. e.g.

header("Location: http://www.php.net/index.php");
 [2003-07-29 10:56 UTC] pollita@php.net 
The problem here is actually not that PHP doesn't send the cookie (because it does).  The problem here is that IIS ignores the value which is sent.

Using the following script:

<?php 
  setcookie("foo", "bar");
  header("Location: index.html");
?>

I see the following output by PHP to IIS:

Status: 302
Content-type: text/html
X-Powered-By: PHP/4.3.2
Set-Cookie: foo=bar
Location: index.html

Then, using telnet to connect to IIS and making a request for that document I receive the response:

HTTP/1.1 302 Object Moved
Location: index.html
Server: Microsoft-IIS/4.0
Content-Type: text/html
Content-Length: 133

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="index.html">here</a></body>

As you can see, while PHP did its job of sending the cookie to IIS.  IIS chose to "optimize it out" of the communication since the browser was being redirected.

My suggested workaround for this is to do one of the following:

(A): Implement your redirection using a <META> tag and/or a javascript command.

(B): Pass your cookie value as a GET value and have your receiving page "reinforce" the cookie when it catches it.  (i.e.:  setcookie("foo",$_GET['foo']); on a page which does not redirect.)
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Fri Mar 27 02:00:01 2026 UTC