[Phpmyadmin-devel] dilemma about cookies

Randall Fan fanrandall at gmail.com
Sun May 26 14:14:42 CEST 2013


Hi,

I think of another solution, after I read this [0].

You basically have a hidden input in the login form, and set its value to
be false. This will check if Javascript is enabled. Then if JS is enabled,
use the JS to check cookie status, and display certain messages if
necessary. In the mean time,  change hidden input value to true. If JS is
disabled, the submitted form will receive value "false" from the hidden
input, we know that the client disabled JS. And if no cookie can be
received at this page(we still send a cookie in the first page, just cannot
check it without reload. This page is the second page the user will visit),
we can safely display that both your JS and cookies are disabled.

In short, the cookie will be checked twice by JS and php. And we happen to
be able to ckeck JS status on the server side.

Randall

[0]
http://www.4guysfromrolla.com/ASPScripts/PrintPage.asp?REF=%2Fwebtech%2F082400-1.shtml

On Saturday, May 25, 2013, Randall Fan wrote:

> Hi,
> Yes I agree with your suggestion. Actually this is one of the UI
> improvements I am going to do for my GSoC. This message confused me and my
> friends when using it.
>
> Randall
>
> On Saturday, May 25, 2013, Marc Delisle wrote:
>
>> Hi,
>>
>> in AuthenticationCookie.class.php we verify whether $_COOKIE is empty,
>> because at this point we have sent some cookies. The goal is to warn
>> users about their browser not accepting cookies.
>>
>> However, it's too early to do this verification, because "Once the
>> cookies have been set, they can be accessed on the next page load with
>> the $_COOKIE" (PHP manual).
>>
>> We are not yet at the next page load. The result is that all browsers,
>> correctly set to accept cookies, when running phpMyAdmin for the first
>> time, show the "Cookies must be enabled past this point" message,
>> alerting users for nothing.
>>
>> Maybe we could force a page reload after the initial cookies sending,
>> but I'm not sure it's a good solution.
>>
>> I suggest to
>> - remove this verification
>> - in the "Cannot start session without errors" message (which can be
>> caused by a browser not accepting cookies), add a hint that not
>> accepting cookies is a possible cause
>>
>> Comments?
>>
>>
>> --
>> Marc Delisle
>> http://infomarc.info
>>
>>
>> ------------------------------------------------------------------------------
>> Try New Relic Now & We'll Send You this Cool Shirt
>> New Relic is the only SaaS-based application performance monitoring
>> service
>> that delivers powerful full stack analytics. Optimize and monitor your
>> browser, app, & servers with just a few lines of code. Try New Relic
>> and get this awesome Nerd Life shirt!
>> http://p.sf.net/sfu/newrelic_d2d_may
>> _______________________________________________
>> Phpmyadmin-devel mailing list
>> Phpmyadmin-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20130526/574332cc/attachment.html>


More information about the Developers mailing list