PHP setcookie() strange behaviour

Question

quys, I've got a trouble with my PHP application.

I have 2 pages for signing in and signing up. Both pages use common cookies class. Everything works fine, except one thing: setcookie() works only on /signin page (cookie value goes to the database, and cookie 'rwt' appears).

On signup page cookie value goes to the database, but setcookie() doesn't work.

Please, help.

P.S. That's the only problem, everything works on localhost, but not on production domain

P.P.S $DBH is PDO variable, which contains correct database information.

Signin page

$cookie = new Cookies($DBH);
 ........

if ($signin->remember=="yes") {
    $cookie->account_set($signin->user);
}

Signup page

  $cookie = new Cookies($DBH);
   .........
   ........

if ($signup->check_availability()) {

    $signup->save();

    $cookie->account_set($signup->user);

    header("Location:/");

} else {
    $msgText = "This username already exists";
    echo "<div class=\"orangeMsg\">$msgText</div>";
}

class cookies

 class Cookies
        {
            private $_DBH, $cookie_domain;  
            function __construct(PDO $DBH)
            {
                $this->_DBH=$DBH;
                $this->cookie_domain=$_SERVER['HTTP_HOST'];

            }
            public function account_set($value)
            {
                $cookie_value=uniquestr();
                // function from common.func.php
                $this->_DBH->query("UPDATE accounts SET cookie='$cookie_value' WHERE user='$value'");
                setcookie('rwt', $cookie_value, time()+60*60*24*7 , '/', $this->cookie_domain);
            }
            public function account_unset($value)
            {
                if (isset($_COOKIE['rwt'])) {
                    $cookie_value=$_COOKIE['rwt'];
                    setcookie("rwt", $cookie_value, time()-2592000, '/', $this->cookie_domain);
                    $this->_DBH->query("UPDATE accounts SET cookie=DEFAULT WHERE user='$value'");
                }
            }
        }

Answer 1

SOLUTION

It was a mistake in my code, it's really weird that it worked on local server.

MISTAKE EXPLANATION

I had if () {..} and if () {..} else {..} blocks of logic related to the signing up process. That's stupid, but I expected them to be related to each other.

Changing logic to if () {..} elseif () {..} else {..} has solved the problem

I apologize for such lame mistake.

Answer 2

My experience is, that the combination of setting a cookie and sending a HTTP reply other than 200 OK is prone to be troublesome. It might easily be, that your approach will work with some browsers, but not with others. You can improve the chances of this working by using setcookie() before header('Location ...'), (as some browsers seem to stop interpreting the headers if they encounter the Location header) but this is still no guarantee.

A workaround would be to redirect to your target location with a one-time GET parameter and set the cookie there.

Answer 3

You should always call exit directly after a header('Location: ...') call. Otherwise your script will continue running until the end, probably with some unexpected behavior as the result.

My guess is that you are in some way unsetting the cookie later on in the signup script.