detecting if Cookies are accepted?

dank · 08-15-2003, 01:22 PM

I'm trying to figure out some way to check on an initial login page if cookies are accepted. It's easy enough to send a cookie on one page and check if it was set on a subsequent one, but that won't work particularly well in this case.

I've looked at a few JavaScript methods that supposedly work for all browsers, but none of them seem to work on IE6. I turn off cookies and they still say cookies are enabled... I didn't even bother testing on NS after that.

One example I know of that does this successfully is PayPal. If you try going to a purchase notification direct link on their site or even the login page, and do not have cookie acceptance set at the proper level, you get a stern warning. I don't see any hints in the source code how they're accomplishing it, though. Anyone know?

Dan

*Jarrod* · 08-15-2003, 01:41 PM

Try this url. It detects whether cookies are enabled by using javascript to set a cookie, and then on the same page reads it back. Did a quick check and it worked for me on IE6.

dank · 08-15-2003, 01:52 PM

That was quick, thanks.

It does seem to work when I check it in IE6, but the strange thing is it doesn't work (same problem as I reported with the other JS methods) when I check it on the local server or as a HTML editor preview. I suppose the other JS methods may have actually worked and it's just that local usage bypasses normal cookie settings?

Dan

dank · 08-15-2003, 02:01 PM

Yep, just uploaded the various local test copies to the FQ server and they seem to work fine in IE. It's always the little things that trip you up...

Dan

jeng1212 · 09-30-2003, 03:56 AM

I tried the method presented in the url. It worked in Netscape 7.0 but not in IE 6. Even if I set IE to block all cookies, it is still able to set and get the value of a cookie.

I have also tried other methods for checking cookies but it did not work. I am just simply creating a simple HTML that will be able to detect if the browser's cookie is enabled or disabled.

Please help me...

*doraevon* · 09-30-2003, 09:42 AM

How about a more brute force approach (I haven't tested this, so I'm not certain it would work, but on first glance the idea seems plausible)...

Initial connection:

Send a cookie test value on a blank page with a 0-second refresh where the refresh URL contains the same script name as the original URL plus something like '?login=1'.

Refresh:

Same script uses the additional information (i.e. ?login=1) to test whether the cookie is available or not. Sends the appropriate login page based on this information.

Result:

To the end user, there might be a very slight delay while the page refreshes, but it should be negligible.

Example:

Script (we'll call it index.php) is accessed the first time. Since the '?login=1' parameter is not included, index.php sends a test cookie on a blank page with the refresh tag in the header:

Code:

<html>
  <head>
    <meta http-equiv="Refresh" content="0,URL=http://somesite.bar/index.php?login=1">
  </head>
  <body>
    <!-- Just in case refresh *doesn't* work, user won't be stranded -->
    <div align="center">
    Click <a href="http://somesite.bar/index.php?login=1">
    <b>here</b></a> to log in...
    </div>
  </body>
</html>

Page will almost immediately refresh, using the '?login=1' parameter. The index.php script, detecting the '?login=1' parameter, can now check to see if the test cookie exists and act accordingly.

Summary:

Okay, maybe it would work, maybe not.

But the idea might help direct you to the solution. I'll actually test this out when I get a chance, but if it does work (and suits your requirements), enjoy!

Doraevon

dank · 09-30-2003, 11:10 AM

If I'm not mistaken, aren't there browsers out now that can disable META refreshes? If so, that would be a concern with the above approach. Maybe a 1-2 combo that first tries the refresh, then checks further down the page if it was successful (by looking for the $login == 1 setting). If it isn't, then try the previously mentioned check.

Dan

*doraevon* · 09-30-2003, 11:25 AM

Quote:

Originally posted by dank:
If I'm not mistaken, aren't there browsers out now that can disable META refreshes? If so, that would be a concern with the above approach. Maybe a 1-2 combo that first tries the refresh, then checks further down the page if it was successful (by looking for the $login == 1 setting). If it isn't, then try the previously mentioned check.

Dan

Dohhh!!

Now that I think about it, <meta> refresh would be one of those things that could be used to fool someone into going to a site they didn't expect. So it wouldn't suprise me if some security settings on some browsers turned this off. Oh well, so much for that idea...

Doraevon

jeng1212 · 10-01-2003, 01:46 AM

Thanks doraevon... but I tried the same approach using JSP and JavaScript but it still didn't work.

I was able to chace upon a website using PHP and it was able to check if my IE6's cookie is enabled or disabled.

Unfortunately, I am only allowed to use JavaScript and JSP to check the cookie. Almost all of the solutions presented in the tutorials and forums did not work in IE6.

*LightGuide* · 10-02-2003, 01:19 AM

http://www.javascripter.net/faq/arecooki.htm