Q. Who made this thing ? Where can I report bugs or request features ?

A. PACT has been created by Jean-Philippe Côté (jp@cote.net). You can get the latest version at the following address: http://www.jpcote.com/pact/

Q. I can't see my cookies. What's happening ?

A.Cookies are hierarchic. This means that if you're trying to view a cookie set with the "/foo/bar" path, you won't be able to see it on a page that's not under this path. The same is true for domain names. If you try to view a cookie set by a page in www.jpcote.com from a page under jpcote.com, it won't work. On the other hand, if you try to view a cookie set under a page in jpcote.com from a page under www.jpcote.com, it will work (note that in this case you will be able to see the cookie but unable to delete it - see below).

Q. My cookies won't delete. What's happening ?

A. If you specified a path and a domain when setting the cookie, you must also specify them in the request to delete the cookie, otherwise it won't delete (see below for exceptions...). For example, if you sent the following "Set-cookie" header ...

Set-Cookie: foo=bar; expires=Tuesday, 20-Oct-2020 00:00:00 GMT; path=/; domain=www.jpcote.com

... you must delete it with a "Set-cookie" header that will include the path ("/") and the domain ("www.jpcote.com") previously specified. This would yield something like:

Set-Cookie: foo=; expires=Tuesday, 20-Oct-2000 00:00:00 GMT; path=/; domain=www.jpcote.com

Note that, once a cookie is set, there is no way for you to know what were the path and domain used to set that cookie. Therefore, be careful not to forget...

Of course, if you did not include a path and domain when setting the cookie, you don't have to worry about that when time comes to delete it.However, if you do not set the path and domain, the browser will decide and (yes you guessed it) all browser do not come up with the same decision. IE will use root ("/") while Netscape will use the actual directory path where the cookie was set ("/somedir"). This can obviously can cause cross-browser problems.

For this reason, and the one explained below, I suggest you always set the path and the domain for all your cookies. It's a little more trouble but it'll be much more reliable.

Note: Internet Explorer (contrary to Netscape and the cookie specification) will delete a cookie even if you only send a blank value and a date in the past. To be safe, follow the rules above.

Q. My cookies still won't delete. What's happening ?

The other possibility is that you've used one of the following characters in the name (or value) of your cookie: " " (any white space), "," (comma), ";" (semi-colon) or ":" colon (white space and colon seem to work in IE5). Those are all separators so they understandably shouldn't be used in cookie names.

Q. Why is there a "time zone" input menu ?

A. Because "Set-Cookie" headers must be specified in absolute GMT time. Therefore, if you specify a time interval I must know in what time zone the server is (or what time zone the server is returning) in order to calculate the interval and to output the correct GMT time stamp for the cookie.

Q. Is PHP's "setcookie" function evil ?

A. Well... no. But there are issues with the way PHP handles cookies that you should know about. First of all, PHP urlencodes the value (but not the name) of the cookie. Therefore, if you use weird characters in the name of your cookie, you may end up with unexpected results (like undeletable cookies from PHP's point of view). Secondly, if "magic_quotes" are enabled on the server you need to deal with them.

To avoid those issues, PACT does not use the "setcookie" function. It instead builds and reads the "Set-Cookie" header by itself. This is not to say that you shouldn't use the "setcoookie" function. 99.9% of the time this function works great. I only went to this extra length in order to make sure that PACT fully supports the cookie specifications without adding application-dependent limitations.

Q. What's the maximum length a cookie can have ?

A. The cookie specification says that the whole "Set-cookie" header should not be longer than 4K. That said, implementation varies across browsers. Netscape supports longer cookies while Internet Explorer chops them at 4K and sends the rest as part of the body of the page (?!?)...