using $_COOKIE directly is buggy

[eluser]tokyotech[/eluser]
Is it forbidden to use $_COOKIE directly? I recall reading that using $_GET was forbidden, but don't recall reading anything about $_COOKIE.

The problem I am having when using $_COOKIE directly is that it appears that only the controller that set the cookie can access the cookie later. Is it believing that each controller is a different domain, so for security reasons, it keeps the cookies sandboxed?

I have been reading the in the CodeIgniter cookie helper that there is a $domain parameter. Supposedly, if I set this to some common constant I can solve my problem. I would like to get a second opinion on this before I start porting over my many lines of legacy code in vain.

Thanks.

[eluser]BrianDHall[/eluser]
Per http://ellislab.com/codeigniter/user-gui...urity.html, _COOKIE data is left alone long with _POST, so you should be able to access it directly any way you like.

If you hadn't already seen it though, you might be interested in the cookie helper: http://ellislab.com/codeigniter/user-gui...elper.html

On your problem with seemingly per-controller cookies, I haven't heard of that problem - I must admit to not dealing with cookies much in CI, so I'm unable to intelligently comment as to what might be wrong or where to look.

The only thing I know of is to check your config.php, as down a bit there are cookie settings including one about domain. Supposedly it allowed setting something like ".yourwebsite.com" to allow cross-domain cookies, but my limited attempts at using it weren't satisfactory and I moved on to other issues.