Months ago, I coded my first simple CMS. I went into my client’s office to proudly show him how my new CMS worked. I sat down on his chair to show him using his own computer how it worked. After the user logs in, the system was supposed to take you to a control panel. So I tried to login once and it sent me back to the login page… uhmmm… weird. I tried to login a second time and it redirects me again to the login page. Third time: nothing! I blushed from embarrassment. As I later discovered, my client had disabled cookies on his browser and that was the reason why my login script didn’t work. My PHP login system used sessions to keep the user logged-in, and since cookies were disabled on his browser sessions nor cookies would work. Now, every time I code a Website that uses cookies or sessions, I include a cookies-enabled check script and you should too.
Click the following link to see a live example of a PHP cookies-enabled check.
We will check if cookies are enabled by following these steps:
- Define a cookie
- Reload the page
- Check if the cookie we just defined is still there
Sounds plain and simple, right? It is! So, how do we express these 3 steps in code?
Steps 1 and 2: Define a cookie and reload the page
I’m going to explain steps 1 and 2 together so you understand how we use the $_GET['redirected'] variable included in the script.
if(!isset($_GET['redirected'])) {
setcookie ('mycookie', 'test', time() + 60);
header('location:'.$_SERVER['PHP_SELF'].'?redirected=1');
}
First, confirm that the page hasn’t been redirected already by checking if the $_GET['redirected'] variable is set. If the $_GET['redirected'] variable hasn’t been set, then the page will reload and set the $_GET['redirected'] variable on the query string. Just be careful not to create an endless loop of page redirection.
Before you output anything from your script, you should define the cookie. setcookie() defines a cookie named “mycookie” with value of “test” and the cookie is set to expire in sixty seconds or one minute. We set the cookie to expire in one minute because after we check if cookies are enabled or not we won’t longer need the cookie.
Step 3: Check if the cookie we just defined is still there
$cookie_message = '';
if(isset($_GET['redirected']) and $_GET['redirected']==1) {
if(!isset($_COOKIE['mycookie'])) {
$cookie_message = '
Cookies are NOT enabled on your browser. In order for us to process your request, we require cookies to be enabled. Please configure your browser to allow cookies.
';
}
else {
$cookie_message = '
Cookies are enabled on your browser.
';
}
}
Initialize the $cookie_message variable, which will be echoed later to let the user know if his/her browser accepts cookies.
Then, an if statement tests the $_GET['redirected'] variable to verify if the page has been reloaded. If the page has been reloaded, the next if/else statement checks if the $_COOKIE['mycookie'] variable exists and assigns a value to $cookie_message accordingly to be echoed later in the script.
This tutorial should help you get an overall idea of how to check if cookies are enabled. Customize the code to meet your needs. Don’t forget to include a cookies test script in all Web applications that handle cookies or sessions in some way.