PHP :: Bug #48243 :: Cookie not set after setting cookie in .htaccess

Bug #48243	Cookie not set after setting cookie in .htaccess
Submitted:	2009-05-12 07:50 UTC	Modified:	2009-05-14 09:03 UTC
From:	stephan dot schulze at kapthon dot com	Assigned:
Status:	Not a bug	Package:	HTTP related
PHP Version:	5.2.9	OS:	Centos 5.3
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	stephan dot schulze at kapthon dot com
New email:
PHP Version:		OS:

New Comment:

[2009-05-12 07:50 UTC] stephan dot schulze at kapthon dot com

Description:
------------
setcookie does not set a cookie when a cookie is set in .htaccess file first

I do not know whether this is a bug or expected behaviour

Reproduce code:
---------------
.htaccess Code
==============
<FilesMatch "\.(html|htm|xml|txt|php)$">
SetEnvIf Cookie "^.*testcookie.*$" cookie_set=1
Header set Set-Cookie: "testcookie=1; path=/;" env=!cookie_set
</FilesMatch>

Cookie is set here

PHP-Code
========
setcookie('testphp', 'test_' . time());

in index.php => cookie is not set

Expected result:
----------------
"testcookie" AND "testphp"-Cookie should be set

Actual result:
--------------
Only "testcookie" is set,any calls to setcookie does not set any cookie at all

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-05-13 00:56 UTC] jani@php.net

I would guess you need to match all the parameters used to be able to 
reset a cookie. But you're better of using header() with the replace 
parameter set to true.

[2009-05-13 06:27 UTC] stephan dot schulze at kapthon dot com

I do not want to reset a cookie but to set another second or third cookie.
PHP even doesn't set a session cookie, when a cookie is set via htaccess before.

So the problem is:
after setting a cookie via htaccess, PHP doesn't set any other cookies anymore

I do not know whether this is really a bogus bug.

[2009-05-14 09:03 UTC] stephan dot schulze at kapthon dot com

Problem is solved!

1. First PHP is setting a header with the name "Set-Cookie"
2. And then Apache's mod_header is working.

Header set Set-Cookie: "testcookie=1; path=/;" env=!cookie_set

"Header set" is replacing all headers with the same name (e.g. "Set-Cookie")
 whith this new one. Thus the header "Set-Cookie", which is set from PHP,
does not exists after this directive.

You must use "Header add" in ".htacess", to add an additional Set-Cookie
header to the current set of headers.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 15:00:01 2025 UTC