|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17663 setcookie only sets last of multiple cookies
Submitted: 2002-06-09 02:48 UTC Modified: 2002-07-01 17:54 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: craig at bioware dot com Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4.0CVS-2002-06-09 OS: RedHat 7.2
Private report: No CVE-ID: None
 [2002-06-09 02:48 UTC] craig at bioware dot com

Yes I know that this has been mentioned and *FIXED* before, but with Apache 2.0.36 and PHP 4.2.1 (and the latest CVS from tonight - STABLE-200206082100)...

It is STILL an issue.  We are trying to set 2 cookies on the same page, and the second is the only one created!

I've tried everything I can think of -- multiple apache & php versions -- no luck!

Please take another look at this...


Craig Miller


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-09 04:08 UTC]
The STABLE snapshots are not from the development branch, so change is that it didn't make it in the 4_2 release branch. You might want to try a non-stable snapshot which are made from the latest development branch.

 [2002-06-20 07:22 UTC] red at tripany dot com
I've installed Apache 2.0.39 on Debian 2.2 and 2.4, which went fine. Then installing php 4.2.1, the configure goes fine,

./configure --prefix=/opt/php-4.2.1 --enable-force-cgi-redirect --enable-ftp --enable-magic-quotes --enable-bcmath --enable-calendar --enable-dbase --enable-dbx --enable-ftp --enable-gd-native-ttf --enable-mbstring --enable-track-vars --enable-ucd-snmp-hack --enable-sockets --enable-sysvsem --enable-sysvshm --enable-yp --enable-shared=PKGS --enable-debug --enable-memory-limit --with-zlib --with-gd --with-jpeg-dir=/usr/lib --with-tiff-dir=/usr/lib --with-png-dir=/usr/lib --with-mysql --with-snmp --with-apxs2=/opt/httpd-2.0.39/bin/apxs

It finds apache2 support, and suggests using apache2filter (which I think it should be doing)

 but the make gives an error:

gcc -I. -I/usr/local/src/php/php-4.2.1/sapi/apache2filter -I/usr/local/src/php/php-4.2.1/main -I/usr/local/src/php/php-4.2.1 -I/opt/httpd-2.0.39/include -I/usr/local/src/php/php-4.2.1/Zend -I/usr/local/include -I/usr/local/src/php/php-4.2.1/ext/mysql/libmysql -I/usr/include/ucd-snmp -I/usr/local/src/php/php-4.2.1/ext/xml/expat -D_REENTRANT -I/usr/local/src/php/php-4.2.1/TSRM -DTHREAD=1 -g -O2 -pthread -Wall -DZTS -c php_functions.c  -fPIC -DPIC -o php_functions.lo
php_functions.c:93: parse error
make[3]: *** [php_functions.lo] Error 1
make[3]: Leaving directory `/usr/local/src/php/php-4.2.1/sapi/apache2filter'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/local/src/php/php-4.2.1/sapi/apache2filter'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/php/php-4.2.1/sapi'
make: *** [all-recursive] Error 1

Now if I delete lines 92, 93 and 94 from sapi/apache2filter/php_functions.c which are:

#if !MODULE_MAGIC_AT_LEAST(20020506,0)

and then continue the make, it all seems to go fine. Make install copies everything to the right directory and doing a <? phpinfo() ?> shows that everything should be functioning neatly.

Now the problem!

When writing cookies to a client, sometimes the cookie will not be written and sometimes it will be - this behaviour is consistent in terms of site a will never write the cookies, but site b will always write the cookie! (see code below)

Never works
setcookie("netuser", $row["werknemer_ID"], time()+3600, "/");
setcookie["netlanguage", $row["row_lang"], time()+3600,"/");
setcookie["netlastlogin", $row["last_login"], time()+3600,"/");

Always works
setcookie("user", $userID, time()+(3600*3), "/")

The only thing we've managed to figure out is that in the first example, we write to the cookie 3 times (using similar statements) and in the second example we only create the cookie once. Every time we write to the cookie again, it overwrites (deletes) the old cookies  and replaces it with the last cookie. So what you end up with, is the netlastlogin cookie, and netuser and netlanguage don't exist on the client harddrive. This used to work under php4.2.0!

Under apache 2.0.36 and php 4.2.0 compiled with the same settings, I never experienced this behaviour and I have no idea what's causing it! Any help is much appreciated!
 [2002-06-20 07:39 UTC]
That error was fixed in CVS recently, but leaving this open because of the bad cookies
 [2002-06-20 11:45 UTC] red at tripany dot com
Well after extensive testing, I have to conclude it's probably not a php
(alone) problem.
I have tried:
PHP ver.     Apache ver.    --enable-so    works?   error
4.2.1            2.0.39             yes       no     yes
2.1              36                 yes       yes    no
2.0              39                 yes       no     yes
2.0              36                 no        no     yes
2.0              36                 yes       yes    no
4.0.3pl1         1.3.9              ?         yes    ?

(4.0.3pl1 is the standard debian package)
The rest of the 2.1 installations (with apache 39) don't work and give
errors, so there's some problem with the apxs interaction between php
and httpd 2.0.39. As php2.1.0 works with httpd 2.0.36 I'm now assuming
there was a change in the apxs of apache in the security fix version
which renders the multiple cookies unwriteable. I'll send this off to
apache as well.
 [2002-06-20 11:47 UTC] red at tripany dot com
The guys at apache maintain it's a php problem, something with HEAD or so (see apache bug # 10061) so I'm back here now... 

Robin Edgar
 [2002-06-20 18:47 UTC] fixes this.

 [2002-06-24 06:35 UTC] red at tripany dot com
yup, php4-200206240000 worked, but now without yp support... next bug Cheers
 [2002-06-28 01:24 UTC] jtrusty at kiva dot net
Running apache 2.0.39 with php 4.2.2-dev (latest stable) compiled as module on winnt. Experiencing the same problem. Php refuses to set multiple cookies. If setting more than a single cookie in a row, only the last cookie gets set (if you're lucky). Is a fix for this on the way?
 [2002-06-28 01:26 UTC]
[2002-06-20 18:47:50] fixes this.

it doesn't say stable here, only fixed in the 4.3.0dev version.

 [2002-07-01 17:33 UTC] khristopher_klaich at nywd dot uscourts dot gov
I just tried to install this on my red.hat 6.2 system with apache 2.0.39 installed and I get the following 

/usr/local/php4-200207011200/sapi/apache2filter/sapi_apache2.c: In function `php
/usr/local/php4-200207011200/sapi/apache2filter/sapi_apache2.c:567: incompatible
 type for argument 3 of `ap_register_output_filter'
/usr/local/php4-200207011200/sapi/apache2filter/sapi_apache2.c:567: too many arg
uments to function `ap_register_output_filter'
/usr/local/php4-200207011200/sapi/apache2filter/sapi_apache2.c:568: incompatible
 type for argument 3 of `ap_register_input_filter'
/usr/local/php4-200207011200/sapi/apache2filter/sapi_apache2.c:568: too many arg
uments to function `ap_register_input_filter'
make: *** [sapi/apache2filter/sapi_apache2.lo] Error 1

This happened on the make.....what now?
 [2002-07-01 17:54 UTC]
You need the latest CVS version of Apache2 too.

Apache2 (and support for it in PHP) are really experimental
still. You're better of with apache 1.3.26 anyway.


 [2003-06-03 08:41 UTC] ben at galactic-tales dot de
I just have trouble with this issue using both the newest PHP and Apache2-release (4.3.2 / 2.0.46).

Only the first of multiple cookies gets set.
Any ideas?
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jul 25 10:01:29 2024 UTC