Puzzle with a cookie


The php code below is used with What You See Is What You Get Web Builder, to control a visit counter, and forms part of an extension - created using their Extension Builder. The variables in double $$'s are created in the Extension Builder as a means of easily changing parameters when creating web pages.
The variable $identcookie$ names a permanent cookie on my PC for the website concerned - www.boga.co.uk - but the cookie “first” is created by the php, and should disappear at the end of a session.

The script works fine, inasmuch as the file ‘counter.txt’ is NOT indexed if the computer accessing the website is MY machine (identified using $identname$ or the script is run more than once (if the page is refreshed or returned-to from elsewhere) . Thus only ‘real’ visits are counted.

The puzzle is - despite working as expected - on the first visit to the page, the $revisit variable remains at “NO” - as expected - but the Code Editor in Firefox shows that the ‘first’ cookie EXISTS. I believe that it should not come into being until the second visit.

The code from the Body section of the HTML, which actually displays the visit count is shown below the php - with the $revisit and $user values included for testing. $text$ would contain something like “Visits to BOGA”.

If anyone can throw some light on this puzzle I would be grateful, as these sorts of queries can often hide something else I’ve got wrong.


//check if first visit
$revisit = "No";
   	$revisit = "Yes" ;
	$cookie_name = "first";
	$cookie_value = "XX";
	setcookie($cookie_name, $cookie_value);

//check if MY computer
$cookie_name = "$identcookie$";
         $user = $_COOKIE[$cookie_name];

// get the visit count, and update if first visit and NOT on my computer
$file = fopen("$file$", 'r');
$data = fread($file, filesize("$file$"));
if ($data !== false)
	$hits = intval($data);
	if ($user != "$identname$" && $revisit != "Yes")
		$file = fopen("$file$", 'w');
		flock($file, LOCK_EX);
		fwrite($file, $hits);
		flock($file, LOCK_UN);


$text$ <?php echo $hits;?><?php echo $revisit;?><?php echo $user;?>


Well, not really sure of your question. But, are you stating that you are using TWO cookies to do the job of one? No reason to do that. A cookie should be linked to a user. And, in your database code you can track that one user using an encrypted cookie of his/her user id. You can not expect a locally saved user’s cookie to keep tract of much.

If a user has cookie’s turned off, then your code will not work at all.
Most browser’s cache data and cookie’s so you can still see the values even though they do not exist.
(You can test it by clearing the cached data and revisiting the site.)
You can not review any browser’s cached data and expect it to match the live data. You need to put a flag on the page, hopefully in a test version, and see what it says.

Another issue is what you call a “visit”. The computer should have nothing to do it. If you are on “your” computer and then move to your phone or iPad, it that another visit or a continuation of your current “visit”?
I think I would consider that as one visit only. But, you can not track that on multiple computers. It would be needed to be done on the server. (You can validate that using the first level IP addresses as they would be the same on your LAN.)
If you used one cookie called “user”, you could store “first” in it along with the user-id and then if revisited, you can change that cookie’s value to “revisit” or whatever. Using two cookies might be a caching issue.

Not sure if any of that helped, but, I think it is the cache showing it is still there.


Thanks for your reply to my question – I think your points about the cache probably give the explanation.

Regarding the cookies: When I included a simple PHP counter, I was annoyed to see that each time I tested my site as I made changes and additions, the visit count was increased. As webmaster my visits are irrelevant, so I tried to stop the incrementing if it was me accessing the site – initially using my IP address, but knowing that it was liable to change, sought something else. Apparently I cannot use $_SERVER[‘REMOTE_HOST’] as the website is on a shared server and I cannot individually adjust the settings there to enable this variable to be stored and accessed. Someone suggested using a cookie, so I installed one permanently on the PC I use for all my webmastering work, and accessing that gives one of the criteria for inhibiting incrementing.

The other cookie that the PHP tries to install on anyone else’s PC is used to prevent visit count incrementing when the index page is refreshed or returned to from elsewhere on the site. If they have cookies turned off, obviously it does not work, but in the majority (?) of cases hopefully it does.


Yes, I understand your issue with not counting yourself. If you use the IP, it can be confusing. I do have code somewhere that attempts to get the real IP that hides behind the fake one, but, not always finds it.

But, the other way is to use the login and if it is you, have it not save the hit. Depends on if your website forces members to log in or not. If not, then hit-counts are not of use anyways. Google and other robots might kick the count up if you don’t code it correctly to ban them. If it does require login’s, then it is easy to not count your log in, just skip the entire process for your user-id. Make sense?

Nowadays, very few sites care about how many hits they get. They are more interested in how many registered members they have. Hit-counts used to be an advertising tool for a lot of sites. But, now it is more common to advertise the member count or even the FB-Like-counts… Just my thoughts…