Cookies not working like they should but they work on localhost?

I just got this website for free http://www.testgk.rf.gd/

Now the thing is that on localhost I have a cookie cart set when the client clicks on add to cart;
at that moment it generates a code using this function:

function CartExists() {
    // Check if the cart ID is stored in a cookie
    if (isset($_COOKIE['cart'])) {
        $cartID = $_COOKIE['cart'];
    } else {
        // If no cart ID is found in the cookie, generate a new one
        do {
            $randNumber = rand(000000, 999999);
            $cartExist = DoesItExist('carts', 'cart_id', $randNumber);
        } while ($cartExist);

        // Store the cart ID in a cookie with a 30-day expiration
        setcookie('cart', $randNumber, time() + (30 * 24 * 60 * 60), '/', '.rf.gd', true, true);
        
        $cartID = $randNumber;
        var_dump($cartID);
    }
    
    return $cartID;
}

As you can see, I even did the var dump and I get back the cart ID number, but the cart cookie is not created on the website (checked in developer tools).

However, when I click on add to cart everything else works; it adds to cart using the last cart ID, but because it's not saved, every time I click add to cart it will generate another ID.

If I set the cart cookie manually from dev tools, it then works correctly like it should. Has anyone had this issue before?

You set secure to true
https://www.php.net/manual/en/function.setcookie.php

But your website is served over HTTP - so that cookie request is blocked:

(See the Restrict access to cookies section)

You need an SSL certificate:

6 Likes

Hi CrazyRabbit,

While Greenreader9 has already told you about the SSL and HTTPS features that work with secure cookies for your eshop, the existing implementation is vulnerable to cart hijacking regardless of using HTTPS or not.

The code generates a random number and stores that number in plaintext mode inside the cookies header, meaning this data is being sent to the user and back to the server for each request. Whenever a piece of data is sent to the user, they have the opportunity to change that value to something else, and since the server has no way of checking if a certain cart belongs to this visitor, the operation is executed as is, and Amy now has a new iPhone 15 in her cart.

In case the number is also used as a reference to retrieve cart information, I would be able to see that Amy has also bought a bunch of accessories at this time.

There are ways to prevent this:

  1. Instead of assigning numbers, assign tokens instead.
  2. Store the token in SESSION instead of cookies.
  3. Instead of using a random number, generate the token based on the username or IP address (at least) to keep carts isolated. One good method is to factor in more than one factor.

Cheers!

6 Likes
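An added example, not code from either poster, showing the first two suggestions above together with the Secure-flag point from the earlier reply: the cart is identified by an unguessable token kept in the server-side session. The function names `startCartSession()` and `cartToken()` and the session key `cart_token` are hypothetical, and HTTPS detection via `$_SERVER['HTTPS']` is an assumption that may not hold behind a reverse proxy.

```php
<?php
// Added example (hypothetical names). Requires PHP 7.3+ for the array form
// of session_set_cookie_params().

function startCartSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Assumption: the web server sets $_SERVER['HTTPS'] on TLS requests.
    // A cookie flagged Secure is not stored when the page is served over
    // plain HTTP, which is the symptom described in the question.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    session_set_cookie_params([
        'lifetime' => 30 * 24 * 60 * 60, // 30 days, as in the question
        'path'     => '/',
        // No 'domain' key: the cookie stays host-only instead of being
        // shared with every other site under the parent domain.
        'secure'   => $isHttps,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function cartToken(): string
{
    startCartSession();

    $token = $_SESSION['cart_token'] ?? null;
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        // New visitor: issue a fresh session id and a 128-bit random token.
        // Unlike rand(000000, 999999), this value cannot be enumerated.
        session_regenerate_id(true);
        $token = bin2hex(random_bytes(16));
        $_SESSION['cart_token'] = $token;
    }
    return $token;
}

// Usage: key the carts table on the token. The browser only ever holds the
// session id, so editing a cookie cannot select another visitor's cart.
// $cartID = cartToken();
```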

Thank you guys, I really appreciate it, both of you. I have just started with these things and am learning all the way. Thank you!!
