Cookies vs. Sessions

Hey there!

At one of my jobs I recently got into using GreyBox. I needed a simple-to-use popup tool to create a popup window when a user clicks on an item in the online store to add it to their cart. They would click "Add," a window would pop up, and they would select how many of the item they wanted. When they clicked 'submit,' the popup window would send that data to a PHP script via AJAX to another page.

This other page would then check some cookies. If the customerID cookie was set, it meant the user was logged in. If the orderID cookie was set, it meant whoever was logged in had a previously created, incomplete order. If the orderID cookie was not set, then a new order was created for the customer logged in, or a temporary customer named "guestXX", where XX is the same number as the new orderID that was generated.

This script worked just fine in IE7. Unfortunately, I don't have a setup readily available to test IE5.5 or IE6. However, in Mozilla some very strange errors would occur. When dumping the array $_COOKIE to debug, I would notice that after the GreyBox window sent the AJAX
request and processed the remote script, a new cookie was created, and for some reason the other cookies would not be output. This new cookie had a strange look, too:

Name: ASPSESSIONIDSASQTBAS
Value: BDINLFLBOLMLADEJFMELJFOM
Expires: Session

Looks suspiciously like an ASP session id to me! I went through and changed all the cookies to sessions, and it solved the problem. The scripts all worked perfectly fine.

I haven't determined whether this was because of GreyBox, which I believe is tied to ASP in some way, or simply a mismatch of AJAX and cookies, or a peculiarity of Firefox. But one thing is for sure: I'm a converted man. No more cookies for this fatty. Sessions for information that needs to be shared across pages during one user's visit, and database storage for the more long-term values.

(I was eating Oreos as I wrote this post.)