If you’re a regular on the site, you’ll have noticed that we have been hard at work creating a new Test Suite that will play nicely with DeviceAtlas.
During its development, I’ve had to put up with a ridiculous amount of obscure problems, but there’s one that continually rears its ugly, ugly head and makes life hell for me. Cookie support. Or lack of it.
Cookies are taken for granted on the non-mobile internet, and I’m not really around long enough to remember it ever being any different (I can hear the gasps from the back row!), so it came as quite a surprise to me to learn that mobile devices don’t play ball. Or at least, they try to play ball.
Take, for example, the absolutely wonderful (I had the 6230 for quite some time) Nokia 6230i, and the not-quite-so-fantastic Samsung SGH-ZV10. While testing yet another cookie related issue with the new system (which will hopefully go live in the very near future), I discovered that I was actually sending 2 cookies to the device. The first was an automatic domain level cookie, such as:
.testapplication.secretdomain.mobi. The second was one that I was purposefully sending to the device, which was a host level cookie, such as
testapplication.secretdomain.mobi. (notice the initial ‘.’ in the domain level one?). My problem was this: the Nokia could login to the site with no problems, but the Samsung couldn’t!
The fact that I was sending 2 cookies instead of the 1 that I thought I was sending, was pointed out to me, and I was linked to an extraordinarily helpful blogpost at Mippin, with the ever so convenient title of Cookie Conundrums.
Thanks to their legwork on the problem, and the annoying issue that I was currently dealing with, I discovered that cookie support on mobile devices is not guaranteed! (I know, shock shock, horror horror). And not only is it not guaranteed, but it varies from device to device (the Nokia accepted both cookies, but the Samsung accepted only the host level one). Again I remind you, that this is not something I’m used to dealing with
So, armed with this new found knowledge I proceeded to hack my local dev copy of Drupal to pieces in an effort to discover what on earth was going on.
Suffice to say, that Drupal outputs the domain level cookie regardless of the settings you may or may not have in your settings.php file. In order to prevent it from doing this, I had to hack the main bootstrap.inc file to include a switch which, if enabled would output the cookie as normal, and if disabled would output nothing!
Now, thanks to those helpful souls over at Mippin I can get back to doing real work