What could cause cookie to not be set in $_COOKIE when it's in $_SERVER

I've set a cookie just fine, and the cookie is in the request header, but when I access that cookie in the PHP superglobal $_COOKIE it isn't set. Dumping $_COOKIE shows the other cookies but one, and all were in the request header.

If I dump $_SERVER I can see that cookie in $_SERVER['HTTP_COOKIE']. PHP sets all of the cookies into $_COOKIE but one.

What could cause this and whats a fix?

Server is running PHP 5.3.3.

Update: At the top of my index.php I var_dump($_SERVER); and then var_dump($_COOKIE); on the next line, and an expected cookie isn't printed from the second dump.

Update2:

Here's the Cookie part of my request

Cookie:SESSe00cd0d8b79da0906c77d52ed6e26907=2f9fhsomr2skcfmivagb1i8gj7; __utma=172891446.852439441.1310775539.1310775539.1310775539.1; __utmc=172891446; __utmv=172891446.%3A; __utmb=172891446.4.10.1310780296; OATMEAL=%9Ey%EE%C9J%956%C0%06%B3%EBZ%83%D1%80%C0%AC%D2%D0T%86%9A%2A%2A%A2E%B7f%86%D7i%C1%28%19L%1Fl%920%3CE%10%B6%C9c%1D%E3%A7H%D9%E1%29%1C%7E5%C8q%CC3%21C%0C%DC%CC%A5%F3i%10%F7%DCJjF%EE%B9%80%3C%C6Jy%A2%0E%3F%E3%BD%7B%BF%CD%84%85%91%BB3%B9%EA%CB%92%89%AC%FBc%BA%A32s%B5L%3E%DF%9B%CDk%08%DEZ%13%5Da1Q%B0%1CJ%90%AE%AF%3F%15%98%1B%E1%C1g%A9%BBzR%F5Q%82%8F%81%1A%D1%0E%87%DC%F3%3B%FF%B7%8E%09%0F%BF%DFK%A3t%D1%F3%DA_%ECKt%01%00x%D2%CCE%24%BB0%C2w%B4%82%F0Q%00O%F1v%19%11%0A%3A%BB%9Fy%B1%BC9hgy%C4%DC%DEN%C4%A4%3B%7D%E8%84h%07%E3+%0B%85y%8B%B5y%1B%FC%CE%86B%F55%ED%E0%01%EB%18%13%B0%09%CA%F9%3D%26%05%FC%A7%F8%E4%CD%3C%9E%D7%24%B1%BF%27t%B4%3C%89%D76开发者_开发问答%F0%CF%C0%D4%E7Z%A6%02%19j%D7%60%28%82%DF%DF%9C%05%25%CB%CA%04%B9%21N%D2r%A76%DD%D1%CB%97%B0%A9%13%29%3C%D6kdm%D1%14%EA%D4%1Fz%F9%CF%21i%BD%19RN%C3%8Dh%27R%15%99%13%FAv%13%8F%BBd%7B%F5%AD%D5%22%13q%13Z%F219%B9%B0_%AB%16%7B%D2%18%E3%F0%F6%9D%A4X

The cookie that's dropped is named "OATMEAL".

Update3: This PHP bug sound similar https://bugs.php.net/bug.php?id=52018

Your string is 1099 characters long.

Max length for a Cookie is 4Kb.

Assuming UTF-8 characters with 4 bytes per char you should be able to store between 1024.

Try to make OATMEAL smaller. Much smaller and let us know if that was the culprit.

You shouldn't use the value in $_SERVER["HTTP_COOKIE"]. It's not documented, so it's probably not reliable.

This message in comments for the setcookie function might answer your question.

Note that the $_COOKIE variable not will hold multiple cookies with the same name. ...

Could it be that you have not set the right path for the cookie? I have had problems with this before where it would not let me access the cookie because it was being set to a strange path automatically. I had to specify the correct path when I set the cookie.

You probably already know this but sometimes things can hide right under our noses.

http://us3.php.net/manual/en/function.setcookie.php

cheers, Michael

As others have already said, it's almost certainly to do with the length of your cookie string. You should make it shorter.

It's also worth pointing out that even if it works, there's a very good reason for not having such a long cookie string -- the entire cookie string gets sent in both directions for every single HTTP request you make.

Let's say you have a typical page, that loads twenty images, two CSS files and two Javascript files, plus the main HTML page itself. For a 1K cookies string like yours, that would be an extra 50K on your server's bandwidth (and your user's bandwidth) for every single page load. That's going to add up quickly if you've got a reasonable amount of traffic, and if you've got any kind of limits or metering on your bandwidth, it's going to cost you extra money.

Secondly, I don't know what that OATMEAL cookie contains; I don't have the time to decode it, but it looks a lot like you're obfuscating data (including adding some deliberate spoiler characters). Be aware that if this data is sensitive enough to want to obfuscate, then the cookie is a really bad place to be storing it.

If you really do need to pass that amount of data to the server, you should be sending it in a POST request. If the PHP program needs to access it with subsequent page loads, then set it in your $_SESSION array. If your Javascript code needs to be able to use it or set it, then use an Ajax request.

Thanks everyone, but offline from this thread another dev suggested base64 encoding the cookie data when sent. That worked and kept the data alive and I was able to base64 decode server-side and continue on.