Cookies set by CakePHP don't show up

I've been ignoring this problem for a while because the user impact was low but that's changing as the site starts to offer incentives to members to login.

1. User logins in on www or local subdomain
2. Form submits to admin subdomain
3. admin runs authentication
4. admin stores a global cookie
5. admin redirects back to the page the user was on at step #1
6. page checks the cookies to see if login was successful

The first time the user tries to login they will be unsuccessful
The second time they login they will succeed (assuming the checks pan out)

I can load the script up with mail() commands to send me what is going on (site is live) and I can see that both times the login will be successful, the same steps taken, the cookies will be stored (I send myself $_COOKIE).

However when I view the cookies on the page they don't show up the first time.
I can refresh the page so I know it's not just a matter of the number of page loads (thinks back to cookie nightmares back in the '90s)
I'm using a standard cake cookie component so I know it's not me screwing the read/write up

I'm guessing I'm missing something fundamental about how I expect cookies to behave.
Can anyone set me straight?

 

By default, cookies are specific to the subdomain they were set on. For example, unless you explicitly tell a cookie to be set for all of digitalpoint.com, a cookie set on forums.digitalpoint.com (for example) wouldn't be available for reading on www.digitalpoint.com

It looks like CakePHP's cookie stuff is just a wrapper around the normal PHP setcookie() function. So you should be able to pass in the domain you want the cookie you are setting to be available to. If you set it to '.digitalpoint.com" it would allow it to be read by any subdomain.

Some additional info:

http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html
http://php.net/manual/en/function.setcookie.php

 

Yep, the cookie is being set and is able to be read - the SECOND time the user tries to log in.
I'm trying to let the page know after the FIRST time.

I've just seen a thread at StackExchange which suggests that because I'm doing a redirect the cookie command to the browser isn't happening as expected.

Soooo

I'll create a test page to get loaded when someone logs in and then put a meta refresh on that to shoot them back to where they started. That way there is a page load right after the cookie is set, and then the real page load to read the cookie.

 

Dang, that didn't work

1. User logins in on www or local subdomain
2. Form submits to admin subdomain
3. admin runs authentication
4. admin stores a global cookie
5. admin displays a "flash" page
6. the flash page does a meta refresh back to the page the user was on at step #1
7. page checks the cookies to see if login was successful

 

Historically people needed to be able to log in to both public and admin but times have moved on and now everything is on the public side. They're running different versions of cake so the authentication is different so we chose the site with the later version to handle logging in.

I figure because it works the second time I must have it set up right and I'm using components that other people have written and tested.

At the time it was set up I hadn't done much with ajax and found that approach simpler. I've done loads since then so will try that approach instead.