<p>First up - it's not possible to tell (definitively) if a client supports cookies or not until you've set one. And if you're doing this server-side, since cookies are sent as part of the HTTP request, you will <em>have</em> to issue some kind of redirect to make this check:</p>
<pre><code>    client                            server
1a. GET index.html              ----&gt;
1b.                    &lt;------------  sets a cookie, redirect to index.html?foo=bar
2.  GET index.html?foo=bar        --&gt;
</code></pre>
<p>Using JavaScript does let you get around this, as you can at least query whether the cookie was set on the client side without requiring the client to make another request - but it's JavaScript, as you say.</p>
<p>Note that this kind of check is not exactly robust; it doesn't really validate that the cookies will stay around in any useful way (for example, an anti-spyware program may be clearing cookies every 30 minutes). It doesn't even validate that you'll be able to set the next cookie (especially if it's on a different subdomain; or the user may have asked the UA to prompt for each cookie, so just because <em>this</em> cookie is accepted doesn't mean the next one will be). And the next time the user logs in it may be from a different browser (with different settings), or they changed their security settings on this one, etc.</p>
<p>Really, I'd think of this in the same way as client-side form validation - it's nice to be able to warn your visitors when they're trying something that just isn't going to work, but you can't really <strong>rely</strong> on it being correct. And in that context your last sentence is a little worrying - since you say it <em>needs</em> to work. What are the consequences if this test is wrong (i.e. you think you can set cookies but you actually can't)? I'm not saying that your site needs to work without cookies, just that you need to realise your checks may well give false positives, and you need to be aware of this.</p>
<p>So in that context I'd say it probably <em>is</em> better to do the check in JavaScript; if someone has JS <em>and</em> cookies disabled, they aren't going to be able to interact with the majority of sites that have some kind of login. When you receive a request without cookies, you have to send back an "Ooops, it looks like you have cookies disabled" page <em>anyway</em>, so it's hardly game-breaking if the initial check was skipped.</p>
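The server-side redirect check from the answer above, written out as an added example that is not part of the original post: one function decides the response for steps 1b and 2 and stops after a single redirect. The cookie name `cookie_probe`, the `handleProbe` function and the request/response object shapes are assumptions made for illustration.

```javascript
// Added example; cookie name and request/response shapes are assumptions.
const PROBE_COOKIE = "cookie_probe"; // hypothetical name, carries no secret
const PROBE_PARAM = "foo";           // marker from the answer's diagram: ?foo=bar
const PROBE_VALUE = "bar";

// Parse a Cookie request header into a plain object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Decide the response for one request shaped like { url, headers: { cookie } }.
function handleProbe(req) {
  const url = new URL(req.url, "http://localhost"); // base only resolves the relative URL
  const cookies = parseCookies(req.headers.cookie);
  const marked = url.searchParams.get(PROBE_PARAM) === PROBE_VALUE;

  if (cookies[PROBE_COOKIE] === "1") {
    // Only proves this one cookie came back on this one request.
    return { status: 200, headers: {}, body: "cookies accepted (for this request)" };
  }
  if (marked) {
    // Step 2 arrived without the cookie: answer directly, never redirect again.
    return { status: 200, headers: {}, body: "It looks like you have cookies disabled" };
  }
  // Step 1b: set the cookie and redirect to the same path. Only the parsed
  // path is reused, with leading slashes collapsed, so the Location header
  // cannot become a protocol-relative URL pointing at another host.
  url.searchParams.set(PROBE_PARAM, PROBE_VALUE);
  const path = url.pathname.replace(/^\/+/, "/");
  return {
    status: 302,
    headers: {
      // Add "; Secure" when the site is served over HTTPS.
      "Set-Cookie": `${PROBE_COOKIE}=1; Path=/; HttpOnly; SameSite=Lax`,
      Location: path + url.search,
    },
    body: "",
  };
}
```

A positive result here is the same weak signal the answer describes: later requests still have to handle a missing cookie.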