Magento – Cookie Value Not Set

I'm trying to conditionally set a cookie IF a certain query string parameter exists. My Class is an observer. The config.xml code:

<frontend>
    <events>
        <controller_action_predispatch>
            <observers>
                <my_module>
                    <class>my_module/observer</class>
                    <method>setCookie</method>
                </my_module>
            </observers>
        </controller_action_predispatch>
    </events>
</frontend>

The observer class (app/code/local/My/Module/Model/Observer.php):

class My_Module_Model_Observer
{
    public $_defaultParam = null;

    public function setCookie(Varien_Event_Observer $observer = null, $setCookie = true)
    {
        $myCookie = 'source';
        $myCookieVal = $this->getQueryString($myCookie);
        $myCookiePeriod = (int) 86400 * 30;
        $myCookieEnabled = Mage::getStoreConfig('my_module/my_group/source_cookie', Mage::app()->getStore());
        if ($setCookie) {
            if ($myCookieEnabled == 1 && $myCookieVal) {
                $doCookie = $this->setCookie($myCookie, $myCookieVal, $myCookiePeriod, false);
            } else {
                if ($this->getCookie($myCookie)) {
                    $doCookie = $this->delCookie($myCookie);
                }
            }
        } else {
            $doCookie = $this->getCookie($myCookie, true);
        }
        return $doCookie;
    }

    public function getQueryString($param = null)
    {
        $queryParam = Mage::app()->getRequest()->getParam($param, 'notset');
        $paramValue = $queryParam ? (string) $queryParam : $this->_defaultParam;
        var_dump('ParamValue: ' . $paramValue);
        return $paramValue;
    }

    public function setCookie($cookieName = null, $cookieVal = null, $cookiePeriod = 3600, $setEncode = true)
    {
        $model = Mage::getModel('core/cookie');
        if ($setEncode) {
            $cookieVal = base64_encode($cookieVal);
        }
        $curStore = Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB);
        $urlPath = parse_url($curStore);
        $cookiePath = rtrim(str_replace('index.php', '', $urlPath['path']), '/');
        var_dump('CookieVal: ' . $cookieVal);
        $theCookie = $model->set($cookieName, $cookieVal, $cookiePeriod, $cookiePath);
        return $theCookie;
    }
}

The query string looks like this:

mydomain.com?some=rubbish&then=what&we=really&want=this&source=my

You will notice in the method getQueryString, I'm var_dump'ing the variable $paramValue. It' spits out string(14) "ParamValue: my".

Also, in the setCookie method, the var_dump spits out string(13) "CookieVal: my".

HOWEVER, the cookie is set with the value notset! That means the $param is null, yes? But the var_dumps tell me otherwise. Why is the correct value not set in the cookie?

I guess I've been staring at this too long and need some eyes; could be my own stupidity! Thanks for taking a look.

~ Edit ~

I also tried to loop through all the query string params by changing the getQueryString method to the following:

public function getQueryString($param = null)
{
    $queryParams = Mage::app()->getRequest()->getParams();
    foreach ($queryParams as $pid => $p) {
        $paramValue = ($pid == 'source') ? $p : $this->_defaultParam;
    }
    var_dump('ParamValue: ' . $paramValue);
    return $paramValue;
}

But the result is the same.

Best Answer

Solved; thanks to @vinai for pointing out the following:

Using var_dump will trigger the headers to be sent, so trying to set a cookie after that point will obviously fail.

This is not explicitly defined in the PHP manual, but if you think about it, it makes sense! They do say ...as with anything that outputs its result directly to the browser...

Related Solutions

Magento – Set New Cookie Value

First, security:

This pattern is extremely dangerous:

$cookieVal = Mage::app()->getRequest()->getParam('source');
$theCookie = $model->set($cookieName, $cookieVal);

You should never accept user input and shove to a cookie - it gives a would-be attacker the instant ability to set any cookie they want from your domain.

Secondly, cookies:

[Insert "How do they work" meme here]

Cookies are sent back to a user session with the Response object. If you try to set a cookie after the header of the response you'll likely get this warning in the system.log or the general PHP log:

Cannot modify header information - headers already sent by //...

The only place you should be setting cookies is from within a controller action and before it loads the layout. If you're attempting to set cookies from anywhere else in the application you may have unexpected results.

Finally, your real issue:

Okay, so enough browbeating.

getParam is a method returned from Zend_Controller_Request_Http and does a series of tests:

public function getParam($key, $default = null)
{
    $keyName = (null !== ($alias = $this->getAlias($key))) ? $alias : $key;

    $paramSources = $this->getParamSources();
    if (isset($this->_params[$keyName])) {
        return $this->_params[$keyName];
    } elseif (in_array('_GET', $paramSources) && (isset($_GET[$keyName]))) {
        return $_GET[$keyName];
    } elseif (in_array('_POST', $paramSources) && (isset($_POST[$keyName]))) {
        return $_POST[$keyName];
    }

    return $default;
}

As you can see, the $default return value is null but you can change this with the second parameter. Try testing your return value. If it's null, pass a second parameter to getParam.

Alternatively, use of getParams (plural) will return all set parameters in the current request, regardless of the set method - e.g. GET or POST. Try doing a var_dump of getParams to test if your value is set.

I would also advise against using Mage::app()->getRequest() if you are within the scope of a controller action - instead use $this->getRequest().

Edit:

As @vinai pointed out in your other question, var_dump and echo push content to the browser and thus preclude your ability to set cookies.

Magento – Erratic cookie-related login problem

This is an article from NovusWeb: http://www.novusweb.com/fix-for-passing-magento-session-ids/

Fix for Passing Magento Session IDs

Author: Brett Williams

Posted November 9, 2011

Fixing Magento Session IDs

We often use shared SSL’s when building e-commerce sites. It’s a convenient way of hosting multiple stores without having to purchase separate SSL certificates for each site. Most of our e-commerce clients manage multiple stores within a single Magento or OpenCart installation. Recently, we found a problem with Magento where the customer’s session ID was not being passed successfully between their initial visit to the site and their page views after logging into the store as a registered customer. Magento was not passing the same session IDs, and this meant that a customer who had previously logged in and added items to their cart, would lose the contents of their cart after returning later and logging in. Not a great situation.

In looking at the cookies created during a session, I found that when going from an unsecure domain (i.e., http://) to a secure domain (i.e., https://), the session ID was being passed successfully and a new cookie for the secure domain was created with the same session ID as the unsecure domain. However, when the customer logged in, a new cookie was created for the secure domain with an entirely new session ID. Magento was now using the newer cookie, and whenever the customer clicked to go back into an unsecure domain page (e.g. product detail page), they were no longer logged into Magento as the unsecure domain was using its cookie/session ID, not the new session ID created at login. The solution would be to find where the new session ID was being created and prevent that from occurring.

So, I began digging into the code to see if I could find where Magento was creating the new session.

In app/code/core/Mage/Customer/Model/session.php, I found this at lines 177-189 (Magento CE 1.5.1):

public function login($username, $password)
{
/** @var $customer Mage_Customer_Model_Customer */
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId());

if ($customer->authenticate($username, $password)) {
    $this->setCustomerAsLoggedIn($customer);
    $this->renewSession();
    return true;
}
return false;
}

My solution was to comment out the line: $this->renewSession():, so that Magento would not create a new session when the customer logged in. The changed code looks like this:

public function login($username, $password)
{
/** @var $customer Mage_Customer_Model_Customer */
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId());

if ($customer->authenticate($username, $password)) {
    $this->setCustomerAsLoggedIn($customer);
    //$this->renewSession();
    return true;
}
return false;
}

So far in our testing, everything is working just fine, and the customer’s session is being retained between domains. Now, before you rush to change this core file, do the following:

Backup your databases (you should always do this before making any modifications). Build the following directory hierarchy: app/code/local/Mage/Customer/Model/. Put a copy of session.php into this new directory. Comment out the appropriate line, shown above, and save your file. By putting your modifications into the app/code/local directory, you’re telling Magento to use these files instead of the core files. More importantly, you’re preventing the loss of your modifications should you update Magento in the future.

It also provides a convenient way to store and manage your code modifications, as you only need to keep modified files in the app/code/local directory.

Be sure to leave a comment if you know of a more elegant solution, or if you find this works or doesn’t work for you.

~ Edit ~

Best Answer

Related Solutions

Magento – Set New Cookie Value

Magento – Erratic cookie-related login problem

Related Topic