php redirect cookie to show first time visitors a beta page

The background.

domain.com = a website about to go in to beta LAUNCH.domain.com = the splash page and a text field someone can enter an invite code into

auth_check.php - which launch.dom开发者_StackOverflow社区ain.com posts to on submit

if the inputed data on the splash page matches auth_checkphp then the user gets redirected to domain.com

if user has never been to domain.com they get sent to launch.domain.com

the issue.

when i enter the code in to launch.domain.com it sends me to domain.com so it works fine.

BUT the cookie is not being stored. after i close the browser and reopen it to go back to domain.com i am sent to launch.domain.com

here is my code.

auth_check.php

<?php
 $invite_code = "getaccess";   ----that is the code that must be entered in to form
 $site_url = "http://www.domain.com";  --- main domain.... 
 $thank_you_url = "http://www.domain.com/register.php";   ---- page they get sent to after entering the correct code

 if(isset($_POST['invite_code']) && $_POST['invite_code'] == $invite_code) {
  setcookie("can_see","true");  ----- invite code is the name of the text field

  header("Location: ".$thank_you_url);
  exit;
 }

 header("Location: ".$site_url);
 exit;
?>

index.php

<?php
 $register_url = "http://www.launch.domain.com";

 if(!$_COOKIE['can_see']) {
  header("Location: ".$register_url);
  exit;
 }
?>

the form is working fine. so i will leave that out

i just tested this one final time and it works fine in internet explorer - the cookie is set in chrome and IE but it is not stored

any input would be great!!

thanks much

The cookie probably is getting stored, but because the address is different - "domain.com" vs "launch.domain.com" - it's not getting sent back to the server.

What you can do is add a parameter to setcookie so that a cookie is valid for the entire domain and any subdomains:

setcookie("can_see", "true", 0, "/", ".domain.com");

That sets the cookie's name to "can_see", value to "true", the expiry date to "whenever the browser is closed" (aka a session cookie), the path of the cookie to the root of the domain, and the domain for the cookie as ".domain.com" (with the leading period). This will make it so all subdomains (www, launch, ftp, mail, whatever) can read the cookie.

See setcookie's docs, but basically, if you don't give an expiration, it's a session cookie and will be cleared when browser is closed.

In your original answer you said the subdomain and domain might be an issue so i just moved the contents of the launch sub domain to domain.com/launch added your line of code and it works.

i changed the 0 to time()+(60*60*24*365) though.

seems to be working fine.

thanks dude.