PHP FAIL
October 6th, 2008

The explanation for maybe 70% of the pages on the internet that say,

Well I don't know what the hell just happened but maybe you should delete your cookies.

can be found here. Specifically,

The setcookie function will silently change the '' cookie value to 'deleted' and override your expiry time to time() - 1 year.

Now in percentage terms, the number of people that have a local date that is incorrect by more than one year is probably very small. However the law of enormous numbers implies that at least a few such people will be using your site if you are successful, more or less depending on your usage demographics. What is the result? Well, those people are sending you "deleted" as a cookie value and your naively-written script probably has no idea what to do with it. Then your script tries to delete the cookie if it doesn't know how to handle it, but hey we've been here already, and everybody frowns and scratches their heads for a bit before giving up and writing the "what the hell" error page.

The preventative measure I would suggest in situations like these is writing relatively low-level tests to hit your pages and confirm that your application is being a good HTTP citizen. Even if you have to hack around PHP's hacks to accomplish this.
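
One shape such a low-level test could take, as an added example that is not part of the original post: it reads the raw response head and flags any cookie deletion whose expiry sits too close to the server's own Date. The sample response is constructed, and the `min_margin` threshold and function names are assumptions made for illustration.

```python
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample response head, modelled on the behaviour quoted above:
# the empty value became "deleted" and the expiry is only about a year back.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 06 Oct 2008 12:00:00 GMT\r\n"
    "Set-Cookie: session=deleted; expires=Sun, 07-Oct-2007 11:59:59 GMT; path=/\r\n"
    "Set-Cookie: theme=dark; expires=Tue, 06-Oct-2009 12:00:00 GMT; path=/\r\n"
    "Set-Cookie: cart=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop status line
    return [tuple(part.strip() for part in line.split(":", 1))
            for line in head if ":" in line]

def audit_cookie_deletions(raw, min_margin=timedelta(days=3650)):
    """List deletion cookies that a client with a wrong clock could keep.

    min_margin is an assumed threshold: how far behind the server's Date
    an expiry must be before the deletion is considered robust.
    """
    headers = parse_headers(raw)
    server_now = parsedate_to_datetime(
        next(v for n, v in headers if n.lower() == "date"))
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        pair, *attrs = [p.strip() for p in value.split(";")]
        cookie, _, cookie_value = pair.partition("=")
        attr = {k.lower(): v for k, _, v in (a.partition("=") for a in attrs)}
        if "expires" not in attr:
            continue  # session cookie, not an expiry-based deletion
        margin = server_now - parsedate_to_datetime(attr["expires"])
        if timedelta(0) < margin < min_margin:
            # A client whose clock is behind by more than `margin` keeps
            # this cookie and sends cookie_value back on the next request.
            findings.append((cookie, cookie_value, margin.days))
    return findings

if __name__ == "__main__":
    for cookie, value, days in audit_cookie_deletions(SAMPLE_RESPONSE):
        print(f"{cookie}={value!r} expires only {days} days before Date")
```

Only the `session` cookie is reported: its expiry is 365 days behind the server's Date, while the `cart` deletion with an epoch expiry passes.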


Copyright © 2004-2014 Dan McKinley. At no point has the writing here constituted the opinions of my employer(s).