I'm trying to figure out some way to check on an initial login page if cookies are accepted. It's easy enough to send a cookie on one page and check if it was set on a subsequent one, but that won't work particularly well in this case.

I've looked at a few JavaScript methods that supposedly work for all browsers, but none of them seem to work on IE6. I turn off cookies and they still say cookies are enabled... I didn't even bother testing on NS after that.

One example I know of that does this successfully is PayPal. If you try going to a purchase notification direct link on their site or even the login page, and do not have cookie acceptance set at the proper level, you get a stern warning. I don't see any hints in the source code how they're accomplishing it, though. Anyone know?

Dan

Try this url (http://www.javascripter.net/faq/arecooki.htm). It detects whether cookies are enabled by using javascript to set a cookie, and then on the same page reads it back. Did a quick check and it worked for me on IE6.

That was quick, thanks.

It does seem to work when I check it in IE6, but the strange thing is it doesn't work (same problem as I reported with the other JS methods) when I check it on the local server or as a HTML editor preview. I suppose the other JS methods may have actually worked and it's just that local usage bypasses normal cookie settings?

Dan

Yep, just uploaded the various local test copies to the FQ server and they seem to work fine in IE. It's always the little things that trip you up...

Dan

I tried the method presented in the url. It worked in Netscape 7.0 but not in IE 6. Even if I set IE to block all cookies, it is still able to set and get the value of a cookie.

I have also tried other methods for checking cookies but it did not work. I am just simply creating a simple HTML that will be able to detect if the browser's cookie is enabled or disabled.

Please help me...

:waa:

How about a more brute force approach (I haven't tested this, so I'm not certain it would work, but on first glance the idea seems plausible)...

Initial connection:

Send a cookie test value on a blank page with a 0-second refresh where the refresh URL contains the same script name as the original URL plus something like '?login=1'.

Refresh:

Same script uses the additional information (i.e. ?login=1) to test whether the cookie is available or not. Sends the appropriate login page based on this information.

Result:

To the end user, there might be a very slight delay while the page refreshes, but it should be negligible.

Example:

Script (we'll call it index.php) is accessed the first time. Since the '?login=1' parameter is not included, index.php sends a test cookie on a blank page with the refresh tag in the header:
<html>
<head>
<meta http-equiv="Refresh" content="0,URL=http://somesite.bar/index.php?login=1">
</head>
<body>
<!-- Just in case refresh *doesn't* work, user won't be stranded -->
<div align="center">
Click <a href="http://somesite.bar/index.php?login=1">
<b>here</b></a> to log in...
</div>
</body>
</html>

Page will almost immediately refresh, using the '?login=1' parameter. The index.php script, detecting the '?login=1' parameter, can now check to see if the test cookie exists and act accordingly.

Summary:

Okay, maybe it would work, maybe not. %) But the idea might help direct you to the solution. I'll actually test this out when I get a chance, but if it does work (and suits your requirements), enjoy!

Doraevon

If I'm not mistaken, aren't there browsers out now that can disable META refreshes? If so, that would be a concern with the above approach. Maybe a 1-2 combo that first tries the refresh, then checks further down the page if it was successful (by looking for the $login == 1 setting). If it isn't, then try the previously mentioned check.

Dan

Originally posted by dank:
If I'm not mistaken, aren't there browsers out now that can disable META refreshes? If so, that would be a concern with the above approach. Maybe a 1-2 combo that first tries the refresh, then checks further down the page if it was successful (by looking for the $login == 1 setting). If it isn't, then try the previously mentioned check.

Dan Dohhh!! %)

Now that I think about it, <meta> refresh would be one of those things that could be used to fool someone into going to a site they didn't expect. So it wouldn't suprise me if some security settings on some browsers turned this off. Oh well, so much for that idea...

Doraevon

Thanks doraevon... but I tried the same approach using JSP and JavaScript but it still didn't work.

:(

I was able to chace upon a website using PHP and it was able to check if my IE6's cookie is enabled or disabled.

Unfortunately, I am only allowed to use JavaScript and JSP to check the cookie. Almost all of the solutions presented in the tutorials and forums did not work in IE6.

http://www.javascripter.net/faq/arecooki.htm