Cookie gets too big, causes errors

[kragit]

Voting Method: Anonymous voting
PHP: 7.0.30
Craft: 3.0.33
Plugin: 2.0.3

I've had reports of voting breaking on the front-end if an individual votes for a large amount of items as it causes the cookie to get too big. Some rough math from other users pegs this number at around 130 different items, give or take a handful. I'll be running my own testing late next week.

superagent.js?v=1542947070:5 Set-Cookie header is ignored in response from url: http://stage.huskles.com/index.php?p=actions/upvote/vote/upvote. Cookie length should be less than or equal to 4096 characters.

HTML5 storage has been suggested as an alternative.

[lindseydiloreto]

Hi Adam, sorry for the delayed response!

Hmm, that's a good point about the cookie storage. Strangely, this is the first time it's been reported. I'll look into using HTML5 storage as an alternative.

Thanks for the heads up! 👍

[lindseydiloreto]

I've been thinking about this for a long time (obviously). I'm not certain that HTML5 storage is the right answer. As far as I can tell, it seems that HTML5 storage is only read/writable from the front-end, and wouldn't be accessible in any way via PHP.

I'm considering splitting the mega-cookie up into dozens (hundreds?) of smaller cookies. I'm not sure if this would create its own set of problems. Let me know if you have any thoughts or insights.

[kragit]

Allowing the cookie expiration to be set in the control panel ( #8 ) would indirectly help in some cases. Aside from that, it sounds like there really aren't any great alternatives to cookies that are also accessible by PHP. It seems like splitting into many smaller cookies or moving the tracking data into the database would be the only options.

[lindseydiloreto]

Good point, that would be helpful!

The tracking data is already stored in the database for logged-in users, but that doesn't help much with anonymous users.

[kragit]

Right, which is how I'm currently using it. It would have to be based off IP or similar for anonymous users and I'm not sure how viable that is in terms of storing in the database and size of data stored.

[lindseydiloreto]

I chewed on this for another year, and I think I finally have the answer...

Despite the headline, I don't think we could 100% get rid of cookies (but we could come damn close). There would probably still be one tiny cookie to retain some sort of session ID for as long as possible. That ID would be all we need to get their full vote history from the database.

The only bad news... I don't have an ETA for this. There are several important things on my itinerary before I can get to this particular feature. Once I circle back though, this will be exactly how I approach it! 👍

[kragit]

No worries on ETA from me. Our workaround is to edit the plug-in and set the cookie length to a short amount of time. Working well for us for now.

[lindseydiloreto]

Sounds great!