When to use qa_cookie_get() and qa_cookie_get_create() ?

Question

Both functions are defined in qa-app-cookies.php.

function qa_cookie_get() → "Return the user identification cookie sent by the browser for this page request, or null if none"

function qa_cookie_get_create() → "Return user identification cookie sent by browser if valid, or create a new one if not.    Either way, extend for another year (this is used when an anonymous post is created)"

This question originated from finding a bug in the badges plugin where qa_cookie_get_create() is called:

qa_db_query_sub(
    'INSERT INTO ^eventlog (datetime, ipaddress, userid, handle, cookieid, event, params) '.
    'VALUES (NOW(), $, $, $, #, $, $)',
    qa_remote_ip_address(), $user_id, $handle, qa_cookie_get_create(), 'badge_awarded', 'badge_slug='.$badge_slug.($object_id?"\t".'postid='.$object_id:'')
);

I replaced qa_cookie_get_create() with qa_cookie_get() and would like to know about side effects.

Thank you!
Kai

Answer 1

The qa_cookie_get_create() function ensures that a user has a cookie assigned, by assigning a new one if  necessary, whereas qa_cookie_get() just returns the currently assigned cookie if there is one, or null otherwise. The only reason to use qa_cookie_get_create() is if you want to be certain that a particular operation can be correlated with an individual who is not logged in. It should not be called after some content has been output on the page.

Comments

Thanks for clarifying! This was important: "to be certain that a particular operation can be correlated with an individual who is not logged in."

The badges plugin is only setting 'cookieid' but never reading it again. So my fix should have no side effects :)

have a nice week-end!